CVE-2018-10828

Name of the Vulnerable Software and Affected Versions Alps Pointing-device Driver version 10.1.101.207

Description An issue in the Alps Pointing-device Driver allows the current user to map and write to the ApMsgFwd File Mapping Object section. The ApMsgFwd.exe uses the data written to this section as arguments to functions, which can cause a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with various devices, including Dell, ThinkPad, and VAIO.

Recommendations For Alps Pointing-device Driver version 10.1.101.207, consider restricting access to the ApMsgFwd File Mapping Object section to prevent unauthorized writes. As a temporary workaround, avoid using the ApMsgFwd.exe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.