Lenovo LENOVO:PS500166-NOSID
May 03, 2018 - 2:06 p.m.

Buffer Overflow in Lenovo System Update Drive Mapping Utility - US

2018-05-03 14:06:00
support.lenovo.com
EPSS: 0.0004 (Low), Percentile: 12.7%

Lenovo Security Advisory: LEN-19625

**Potential Impact:** Buffer overflow resulting in undefined behaviors, such as execution of arbitrary code

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2018-9063

Summary Description:

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program’s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update Lenovo System Update to version 5.07.0072 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting “About.”

Lenovo System Update can be updated by choosing either of the following methods:

  1. Lenovo System Update automatically checks for a later version whenever the application is run. Click OK when prompted that a new version is available.
  2. To manually update, download the latest version from the following URL: https://support.lenovo.com/en/documents/ht080136
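
A fleet check against the fixed version named above, as an added example that is not part of Lenovo's advisory. The inventory rows and host names are constructed, and it assumes versions are reported as dot-separated numeric strings; anything else is reported as unknown for manual review.

```python
"""Flag hosts whose Lenovo System Update version is below the fixed release."""
import csv
import io

FIXED = "5.07.0072"  # first fixed version, taken from the advisory

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dot-separated digits."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_vulnerable(installed, fixed=FIXED):
    """True/False when comparable, None when the version cannot be parsed."""
    have, need = parse_version(installed), parse_version(fixed)
    if have is None or need is None:
        return None
    # Compare numerically, padded to equal length, so leading zeros and a
    # trailing ".0" do not change the result ("5.7.72" == "5.07.0072.0").
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need

def audit(inventory_csv):
    """Sort hosts into vulnerable / patched / unknown buckets."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_vulnerable(row["version"])
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "patched")
        report[key].append(row["host"])
    return report

# Constructed sample inventory (host names and versions are made up).
SAMPLE = """host,version
ws-001,5.07.0070
ws-002,5.07.0072
ws-003,5.7.93
ws-004,5.06.0043
ws-005,5.07.0072.0
ws-006,not installed
"""

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts)}")
```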

Acknowledgement:

Lenovo thanks SaifAllah benMassaoud @benmassaou for reporting this issue.

References:

System Update Solution Deployment Guide: <https://download.lenovo.com/pccbbs/mobiles_pdf/tvsu5_mst_en.pdf>

For a complete list of all Lenovo Product Security Advisories, click here.

Revision History:

Revision | Date | Description
---|---|---
1 | 2018-05-03 | Initial release

For the most up-to-date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.