[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue
- From: Caiyuan Xie <caiyuan.xie@xxxxxxxxxxx>
- Date: Fri, 17 Jul 2020 08:29:11 +0000
Summary:
A vulnerability to DLL preloading attacks was found in the ALPS ALPINE Touchpad
driver, which might allow an attacker to execute malicious code. ALPS ALPINE
has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver may try to load DLLs that are not always
present in the driver package. If an attacker can gain control of one of the
DLL search directories, a malicious copy of the DLL can be placed in that
directory and make the vulnerable ALPS ALPINE driver component run malicious
code in it.
CVE: CVE-2020-15596
CVSS Base Score: 6.4 Medium (if the attacker can get administrative privileges)
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
ALPS ALPINE Touchpad driver
Recommendation:
ALPS ALPINE has worked with OEMs and ODMs to develop software updates that can
protect systems from the vulnerability. The solution has been confirmed by
AFINE, who discovered and reported the vulnerability.
End users and systems administrators should check with their system
manufacturers and system software vendors and apply any available updates as
soon as practical.
Acknowledgments:
ALPS ALPINE would like to thank AFINE for finding the vulnerability and
validating the solution, as well as the OEM and ODM partners for their support.
Best Regards
Shirley
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/