Main Vulnerability Database Vulnerabilities #VU12686

Buffer overflow in Lenovo System Update - CVE-2018-9063

Published: May 14, 2018 / Updated: May 15, 2018

Vulnerability identifier: #VU12686

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-9063

CWE-ID: CWE-120

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Lenovo

Affected software:
Lenovo System Update

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privivleges on the target system.

The weakness exists in MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) due to buffer overflow. A local attacker entering very large user ID or password can overrun the program's buffer and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-9063

Update to version 5.07.0072 or later.

Sources

https://support.lenovo.com/ua/ru/solutions/len-19625

Buffer overflow in Lenovo System Update - CVE-2018-9063

Detailed vulnerability description

How to mitigate CVE-2018-9063

Sources

Please verify you're human