Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500013-NOSID
HistoryJan 23, 2017 - 12:00 a.m.

USB Enhanced Performance Keyboard

2017-01-2300:00:00
support.lenovo.com
31

EPSS

0

Percentile

5.1%

JSON

Lenovo Security Advisory: LEN-2015-015 **Potential Impact:**Escalation of Privilege Severity: Low

Summary:
Lenovo’s “USB Enhanced Performance Keyboard” software has a known issue where debug code was accidently left in the application. The debug code includes information about which keys on the keyboard are pressed. Lenovo has released a new version of the software that removes the debug code.

Description:
The debug code exists in all previous versions of the software, and has been preloaded on ThinkPad and ThinkCentre systems since early 2014. The debug code, in SKHOOKS.DLL, calls the Windows API OutputDebugString to indicate which key has been pressed. The debug code does not store this information or send it anywhere. There is no possibility to exploit this vulnerability remotely. Only users with access to the system, and the ability to run a special tool to capture debug output, are able to intercept these calls to OutputDebugString. To eliminate this vulnerability, Lenovo has removed the debug code from SKHOOKS.DLL.

Mitigation Strategy for Customers (what you should do to protect yourself):
There are several ways you can protect yourself. Lenovo recommends that you take one of the following steps:

  • Starting from March 4, 2015, run Lenovo System Update and install the recommended USB Enhanced Performance Keyboard software update
  • Make sure you have the latest version of the software installed on your computer. The minimum version that corrects the problem is version 2.0.2.2. You can find the latest version of the software Here.
  • Alternatively, if you are not using the optional Lenovo USB Enhanced Performance Keyboard (73p2620), you may uninstall this software using the following steps:
    1. Open Control Panel
    2. Click on “Programs”
    3. Click on “Uninstall a Program”
    4. In the list of installed programs, find “USB Enhanced Performance keyboard” and then click on the “Uninstall” button

Acknowledgements:
None

Other information and references:
CVE ID: CVE-2015-3320

Revision History:

Revision

|

Date

|

Description

—|—|—
1.1 | 05/05/2015 | Added CVE ID

1.0

|

03/04/2015

|

Initial Release

Related

nvd 1
cvelist 1
prion 1
lenovo 1
cve 1
nvd
nvd
CVE-2015-3320
2015-04-16 23:59:02
cvelist
cvelist
CVE-2015-3320
2015-04-16 23:00:00
prion
prion
Design/Logic Flaw
2015-04-16 23:59:00
lenovo
lenovo
USB Enhanced Performance Keyboard - Lenovo Support US
2017-01-23 00:00:00
cve
cve
CVE-2015-3320
2015-04-16 23:59:02

EPSS

0

Percentile

5.1%

JSON
Related for LENOVO:PS500013-NOSID
nvd1cvelist1prion1lenovo1cve1