PT-2018-18824 · Lenovo · Lenovo System Update

Published 2018-05-04 · Updated 2018-06-13 · CVE-2018-9063

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Lenovo System Update versions prior to 5.07.0072

Description

The issue allows an attacker to potentially execute arbitrary code by entering a very large user ID or password, causing a buffer overrun in the mapdrv.exe program. This can lead to undefined behavior. The attacker does not gain additional privileges beyond those required to run mapdrv.exe.

Recommendations

For versions prior to 5.07.0072, update to version 5.07.0072 or later to resolve the issue. As a temporary workaround, consider restricting input lengths for user ID and password to prevent buffer overruns until a patch is applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-9063

Affected Products

Lenovo System Update