CVE-2018-9063: Improper Restriction of Operations within the Bounds of a Memory Buffer in Lenovo System Update

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 74.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 4; latest update May 14

Description

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) in Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program's buffer, causing undefined behavior, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: lenovo/system_update < 5.07.0072
CVEListV5: lenovo_group_ltd/lenovo_system_update, earlier than 5.07.0072

🔴 Vulnerability Details (2)

GHSA | GHSA-wp87-97vq-c79x: MapDrv (C:\Program Files\Lenovo\System Update\mapdrv | 2022-05-14
CVEList | CVE-2018-9063: MapDrv (C:\Program Files\Lenovo\System Update\mapdrv | 2018-05-04
CVE-2018-9063 — Lenovo System Update vulnerability | cvebase