PT-2018-18824 · Lenovo · Lenovo System Update

Published: 2018-05-04 · Updated: 2018-06-13 · CVE-2018-9063

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Lenovo System Update versions prior to 5.07.0072

Description: The issue allows an attacker to potentially execute arbitrary code by entering a very large user ID or password, causing a buffer overrun in the mapdrv.exe program. This can lead to undefined behaviors. The attacker does not gain additional privileges beyond those required to run mapdrv.exe.

Recommendations: For versions prior to 5.07.0072, update to version 5.07.0072 or later to resolve the issue. As a temporary workaround, consider restricting input lengths for user ID and password to prevent buffer overruns until a patch is applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-9063

Affected Products

Lenovo System Update