CVE-2018-9063 (GCVE-0-2018-9063)

Vulnerability from cvelistv5 – Published: 2018-05-04 16:00 – Updated: 2024-09-16 20:12

Summary

Severity ?

No CVSS data available.

CWE

Buffer overflow

Assigner

lenovo

References

URL

	Vendor	Product	Version
	Lenovo Group Ltd.	Lenovo System Update	Affected: Earlier than 5.07.0072

VAR-201805-0936

Vulnerability from variot - Updated: 2023-12-18 13:33

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. Lenovo System Update Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Update is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow attackers to execute arbitrary code with elevated privileges. Failed exploits may result in denial-of-service conditions. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Document Title: =============== Lenovo SU v5.07 - Buffer Overflow & Code Execution Vulnerability

References (Source):

https://www.vulnerability-lab.com/get_content.php?id=2131

Lenovo Security ID: LEN-19625

https://nvd.nist.gov/vuln/detail/CVE-2018-9063 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9063

Acknowledgements: https://support.lenovo.com/us/fr/solutions/len-19625

News & Press References: https://www.securityweek.com/lenovo-patches-secure-boot-vulnerability-servers https://securityaffairs.co/wordpress/72335/security/lenovo-security-updates.html

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9063

CVE-ID:

CVE-2018-9063

Release Date:

2018-07-12

Vulnerability Laboratory ID (VL-ID):

2131

Common Vulnerability Scoring System:

7.8

Vulnerability Class:

Buffer Overflow

Current Estimated Price:

4.000a! - 5.000a!

Abstract Advisory Information:

The vulnerability laboratory core research team discovered a local buffer overflow vulnerability in the official Lenovo SU v5.7.x & v5.6.x. software.

Vulnerability Disclosure Timeline:

2018-05-03: Release Date (Lenovo) 2018-07-12: Public Disclosure (Vulnerability Laboratory)

Discovery Status:

Published

Affected Product(s):

Lenovo Product: SU (MapDrv - mapdrv.exe) 5.7.19, 5.6.34, 5.6.0.28 & 5.6.0.27

Exploitation Technique:

Local

Severity Level:

High

Authentication Type:

Restricted authentication (user/moderator) - User privileges

User Interaction:

No User Interaction

Disclosure Type:

Responsible Disclosure Program

Technical Details & Description:

A local buffer overflow and arbitrary code exeuction has been discovered in the official Lenovo SU v5.7.x & v5.6.x. software. The vulnerability allows to overwrite the active registers of the process to compromise the affected software by gaining higher system access privileges.

Exploitation of the local buffer overflow vulnerability requires no user interaction and system user process privileges of the driver. Successful exploitation of the buffer overflow vulnerability results in a compromise of the local system process or affected computer system.

Vulnerable Driver: [+] MapDrv

Affected Process: [+] mapdrv.exe

Proof of Concept (PoC):

The vulnerability can be exploited by local attackers with system process privileges and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below.

--- Debug Error Exception Session Log (Exception) --- (d8c.1988): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=029ab7a0 ebx=0031fe05 ecx=00000041 edx=fd974860 esi=029a9d70 edi=0031fd04 eip=00a256b3 esp=0031e54c ebp=0031fc70 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206 *** ERROR: Module load completed but symbols could not be loaded for image00a20000 image00a20000+0x56b3: 00a256b3 66890c02 mov word ptr [edx+eax],cx ds:0023:00320000=0000

--- Debug Session Log [Exception Analysis] --- FAULTING_IP: image00a20000+56b3 00a256b3 66890c02 mov word ptr [edx+eax],cx

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff) ExceptionAddress: 00a256b3 (image00a20000+0x000056b3) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00320000 Attempt to write to address 00320000

FAULTING_THREAD: 00001988 PROCESS_NAME: image00a20000 FAULTING_MODULE: 77ab0000 ntdll DEBUG_FLR_IMAGE_TIMESTAMP: 594b6578 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. WRITE_ADDRESS: 00320000 BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 00410041 The fault address in not in any loaded module, please check your build's rebase log at binbuild_logstimebuildntrebase.log for module which may contain the address if it were loaded.

DEFAULT_BUCKET_ID: WRONG_SYMBOLS FRAME ONE INVALID: 1800200000000a LAST_CONTROL_TRANSFER: from 00410041 to 00a256b3

STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 0031fc70 00410041 00410041 00410041 00410041 image00a20000+0x56b3 0031fc74 00410041 00410041 00410041 00410041 0x410041 0031fc78 00410041 00410041 00410041 00410041 0x410041 0031fc7c 00410041 00410041 00410041 00410041 0x410041 0031fc80 00410041 00410041 00410041 00410041 0x410041 0031fc84 00410041 00410041 00410041 00410041 0x410041 0031fc88 00410041 00410041 00410041 00410041 0x410041 0031fc8c 00410041 00410041 00410041 00410041 0x410041 0031fc90 00410041 00410041 00410041 00410041 0x410041 0031fc94 00410041 00410041 00410041 00410041 0x410041 0031fc98 00410041 00410041 00410041 00410041 0x410041 0031fc9c 00410041 00410041 00410041 00410041 0x410041 0031fca0 00410041 00410041 00410041 00410041 0x410041 0031fca4 00410041 00410041 00410041 00410041 0x410041 0031fca8 00410041 00410041 00410041 00410041 0x410041 0031fcac 00410041 00410041 00410041 00410041 0x410041 0031fcb0 00410041 00410041 00410041 00410041 0x410041 0031fcb4 00410041 00410041 00410041 00410041 0x410041 0031fcb8 00410041 00410041 00410041 00410041 0x410041 0031fcbc 00410041 00410041 00410041 00410041 0x410041 0031fcc0 00410041 00410041 00410041 00410041 0x410041 0031fcc4 00410041 00410041 00410041 00410041 0x410041 0031fcc8 00410041 00410041 00410041 00410041 0x410041 0031fccc 00410041 00410041 00410041 00410041 0x410041 0031fcd0 00410041 00410041 00410041 00410041 0x410041 0031fcd4 00410041 00410041 00410041 00410041 0x410041 0031fcd8 00410041 00410041 00410041 00410041 0x410041 0031fcdc 00410041 00410041 00410041 00410041 0x410041 0031fce0 00410041 00410041 00410041 00410041 0x410041 0031fce4 00410041 00410041 00410041 00410041 0x410041 0031fce8 00410041 00410041 00410041 00410041 0x410041 0031fcec 00410041 00410041 00410041 00410041 0x410041 0031fcf0 00410041 00410041 00410041 00410041 0x410041 0031fcf4 00410041 00410041 00410041 00410041 0x410041 0031fcf8 00410041 00410041 00410041 00410041 0x410041 0031fcfc 00410041 00410041 00410041 00410041 0x410041 0031fd00 00410041 00410041 00410041 00410041 0x410041 0031fd04 00410041 00410041 00410041 00410041 0x410041 0031fd08 00410041 00410041 00410041 00410041 0x410041 0031fd0c 00410041 00410041 00410041 00410041 0x410041 0031fd10 00410041 00410041 00410041 00410041 0x410041 0031fd14 00410041 00410041 00410041 00410041 0x410041 0031fd18 00410041 00410041 00410041 00410041 0x410041 0031fd1c 00410041 00410041 00410041 00410041 0x410041 0031fd20 00410041 00410041 00410041 00410041 0x410041 0031fd24 00410041 00410041 00410041 00410041 0x410041 0031fd28 00410041 00410041 00410041 00410041 0x410041 0031fd2c 00410041 00410041 00410041 00410041 0x410041 0031fd30 00410041 00410041 00410041 00410041 0x410041 0031fd34 00410041 00410041 00410041 00410041 0x410041 0031fd38 00410041 00410041 00410041 00410041 0x410041 0031fd3c 00410041 00410041 00410041 00410041 0x410041 0031fd40 00410041 00410041 00410041 00410041 0x410041 0031fd44 00410041 00410041 00410041 00410041 0x410041 0031fd48 00410041 00410041 00410041 00410041 0x410041 0031fd4c 00410041 00410041 00410041 00410041 0x410041 0031fd50 00410041 00410041 00410041 00410041 0x410041 0031fd54 00410041 00410041 00410041 00410041 0x410041 0031fd58 00410041 00410041 00410041 00410041 0x410041 0031fd5c 00410041 00410041 00410041 00410041 0x410041 0031fd60 00410041 00410041 00410041 00410041 0x410041 0031fd64 00410041 00410041 00410041 00410041 0x410041 0031fd68 00410041 00410041 00410041 00410041 0x410041 0031fd6c 00410041 00410041 00410041 00410041 0x410041 0031fd70 00410041 00410041 00410041 00410041 0x410041 0031fd74 00410041 00410041 00410041 00410041 0x410041 0031fd78 00410041 00410041 00410041 00410041 0x410041 0031fd7c 00410041 00410041 00410041 00410041 0x410041 0031fd80 00410041 00410041 00410041 00410041 0x410041 0031fd84 00410041 00410041 00410041 00410041 0x410041 0031fd88 00410041 00410041 00410041 00410041 0x410041 0031fd8c 00410041 00410041 00410041 00410041 0x410041 0031fd90 00410041 00410041 00410041 00410041 0x410041 0031fd94 00410041 00410041 00410041 00410041 0x410041 0031fd98 00410041 00410041 00410041 00410041 0x410041

PRIMARY_PROBLEM_CLASS: STACK_CORRUPTION

FOLLOWUP_IP: image00a20000+56b3 00a256b3 66890c02 mov word ptr [edx+eax],cx

SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: image00a20000 IMAGE_NAME: image00a20000 SYMBOL_NAME: image00a20000+56b3 STACK_COMMAND: ~0s ; kb BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

0:000> lmvm image00a20000 start end module name 00a20000 00bd2000 image00a20000 (no symbols) Loaded symbol image file: C:Program FilesLenovoSystem Updatemapdrv.exe Image path: image00a20000 Image name: image00a20000 Timestamp: Wed Jun 21 23:36:40 2017 (594B6578) CheckSum: 001BA113 ImageSize: 001B2000 File version: 1.0.0.1 Product version: 1.0.0.1 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0409.04b0 ProductName: Map Network Drive InternalName: mapdrv OriginalFilename: mapdrv.exe ProductVersion: 1, 0, 0, 1 FileVersion: 1, 0, 0, 1 FileDescription: Map Network Drive Application LegalCopyright: Copyright Lenovo 2005, 2006, all rights reserved. Copyright IBM Corporation 1996-2005, all rights reserved.

Solution - Fix & Patch:

Update Lenovo System Update to version 5.07.0072 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting aAbout.a

Lenovo System Update can be updated by choosing either of the following methods:

Lenovo System Update automatically checks for a later version whenever the application is run. Click OK when prompted that a new version is available.

Credits & Authors:

S.AbenMassaoud - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud

Disclaimer & Information:

The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

Domains: www.vulnerability-lab.com www.vuln-lab.com
www.vulnerability-db.com Services: magazine.vulnerability-lab.com paste.vulnerability-db.com
infosec.vulnerability-db.com Social: twitter.com/vuln_lab facebook.com/VulnerabilityLab
youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php vulnerability-lab.com/rss/rss_upcoming.php vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php vulnerability-lab.com/register.php vulnerability-lab.com/list-of-bug-bounty-programs.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@) to get a ask permission.

                Copyright A(c) 2018 | Vulnerability Laboratory - [Evolution

Security GmbH]aC/

VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0936",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "5.07.0072"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.7.19"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.34"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.28"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.27"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.7.72"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.07.0072",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SaifAllah benMassaoud @benmassaou.",
    "sources": [
      {
        "db": "BID",
        "id": "104125"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-9063",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-9063",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-139095",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-9063",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-9063",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-174",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-139095",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. Lenovo System Update Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Update is prone to a local buffer-overflow vulnerability because it fails to  adequately bounds-check user-supplied data before copying it into an  insufficiently sized buffer. \nSuccessful exploits may allow attackers to execute arbitrary code with elevated privileges. Failed exploits may result in denial-of-service conditions. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Document Title:\n===============\nLenovo SU v5.07 - Buffer Overflow \u0026 Code Execution Vulnerability\n\n\nReferences (Source):\n====================\nhttps://www.vulnerability-lab.com/get_content.php?id=2131\n\nLenovo Security ID: LEN-19625\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9063\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9063\n\nAcknowledgements: https://support.lenovo.com/us/fr/solutions/len-19625\n\nNews \u0026 Press References:\nhttps://www.securityweek.com/lenovo-patches-secure-boot-vulnerability-servers\nhttps://securityaffairs.co/wordpress/72335/security/lenovo-security-updates.html\n\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9063\n\nCVE-ID:\n=======\nCVE-2018-9063\n\n\nRelease Date:\n=============\n2018-07-12\n\n\nVulnerability Laboratory ID (VL-ID):\n====================================\n2131\n\n\nCommon Vulnerability Scoring System:\n====================================\n7.8\n\n\nVulnerability Class:\n====================\nBuffer Overflow\n\n\nCurrent Estimated Price:\n========================\n4.000a! - 5.000a!\n\n\nAbstract Advisory Information:\n==============================\nThe vulnerability laboratory core research team discovered a local\nbuffer overflow vulnerability in the official Lenovo SU v5.7.x \u0026 v5.6.x. \nsoftware. \n\n\nVulnerability Disclosure Timeline:\n==================================\n2018-05-03: Release Date (Lenovo)\n2018-07-12: Public Disclosure (Vulnerability Laboratory)\n\n\nDiscovery Status:\n=================\nPublished\n\n\nAffected Product(s):\n====================\nLenovo\nProduct: SU (MapDrv - mapdrv.exe) 5.7.19, 5.6.34, 5.6.0.28 \u0026 5.6.0.27\n\n\nExploitation Technique:\n=======================\nLocal\n\n\nSeverity Level:\n===============\nHigh\n\n\nAuthentication Type:\n====================\nRestricted authentication (user/moderator) - User privileges\n\n\nUser Interaction:\n=================\nNo User Interaction\n\n\nDisclosure Type:\n================\nResponsible Disclosure Program\n\n\nTechnical Details \u0026 Description:\n================================\nA local buffer overflow and arbitrary code exeuction has been discovered\nin the official Lenovo SU v5.7.x \u0026 v5.6.x. software. \nThe vulnerability allows to overwrite the active registers of the\nprocess to compromise the affected software by gaining\nhigher system access privileges. \n\nExploitation of the local buffer overflow vulnerability requires no user\ninteraction and system user process privileges of the driver. \nSuccessful exploitation of the buffer overflow vulnerability results in\na compromise of the local system process or affected computer system. \n\nVulnerable Driver:\n[+] MapDrv\n\nAffected Process:\n[+] mapdrv.exe\n\n\nProof of Concept (PoC):\n=======================\nThe vulnerability can be exploited by local attackers with system\nprocess privileges and without user interaction. \nFor security demonstration or to reproduce the vulnerability follow the\nprovided information and steps below. \n\n\n--- Debug Error Exception Session Log (Exception) ---\n(d8c.1988): Access violation - code c0000005 (first chance)\nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \neax=029ab7a0 ebx=0031fe05 ecx=00000041 edx=fd974860 esi=029a9d70\nedi=0031fd04\neip=00a256b3 esp=0031e54c ebp=0031fc70 iopl=0         nv up ei pl nz na\npe nc\ncs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000\nefl=00210206\n*** ERROR: Module load completed but symbols could not be loaded for\nimage00a20000\nimage00a20000+0x56b3:\n00a256b3 66890c02        mov     word ptr [edx+eax],cx\nds:0023:00320000=0000\n\n--- Debug Session Log [Exception Analysis] ---\nFAULTING_IP:\nimage00a20000+56b3\n00a256b3 66890c02        mov     word ptr [edx+eax],cx\n\nEXCEPTION_RECORD:  ffffffff -- (.exr ffffffffffffffff)\nExceptionAddress: 00a256b3 (image00a20000+0x000056b3)\n   ExceptionCode: c0000005 (Access violation)\n  ExceptionFlags: 00000000\nNumberParameters: 2\n   Parameter[0]: 00000001\n   Parameter[1]: 00320000\nAttempt to write to address 00320000\n\nFAULTING_THREAD:  00001988\nPROCESS_NAME:  image00a20000\nFAULTING_MODULE: 77ab0000 ntdll\nDEBUG_FLR_IMAGE_TIMESTAMP:  594b6578\nERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx\nreferenced memory at 0x%08lx. The memory could not be %s. \nWRITE_ADDRESS:  00320000\nBUGCHECK_STR:  ACCESS_VIOLATION\n\nIP_ON_HEAP:  00410041\nThe fault address in not in any loaded module, please check your build\u0027s\nrebase\nlog at \u003creleasedir\u003ebinbuild_logstimebuildntrebase.log for module which may\ncontain the address if it were loaded. \n\nDEFAULT_BUCKET_ID:  WRONG_SYMBOLS\nFRAME ONE INVALID: 1800200000000a\nLAST_CONTROL_TRANSFER:  from 00410041 to 00a256b3\n\nSTACK_TEXT:\nWARNING: Stack unwind information not available. Following frames may be\nwrong. \n0031fc70 00410041 00410041 00410041 00410041 image00a20000+0x56b3\n0031fc74 00410041 00410041 00410041 00410041 0x410041\n0031fc78 00410041 00410041 00410041 00410041 0x410041\n0031fc7c 00410041 00410041 00410041 00410041 0x410041\n0031fc80 00410041 00410041 00410041 00410041 0x410041\n0031fc84 00410041 00410041 00410041 00410041 0x410041\n0031fc88 00410041 00410041 00410041 00410041 0x410041\n0031fc8c 00410041 00410041 00410041 00410041 0x410041\n0031fc90 00410041 00410041 00410041 00410041 0x410041\n0031fc94 00410041 00410041 00410041 00410041 0x410041\n0031fc98 00410041 00410041 00410041 00410041 0x410041\n0031fc9c 00410041 00410041 00410041 00410041 0x410041\n0031fca0 00410041 00410041 00410041 00410041 0x410041\n0031fca4 00410041 00410041 00410041 00410041 0x410041\n0031fca8 00410041 00410041 00410041 00410041 0x410041\n0031fcac 00410041 00410041 00410041 00410041 0x410041\n0031fcb0 00410041 00410041 00410041 00410041 0x410041\n0031fcb4 00410041 00410041 00410041 00410041 0x410041\n0031fcb8 00410041 00410041 00410041 00410041 0x410041\n0031fcbc 00410041 00410041 00410041 00410041 0x410041\n0031fcc0 00410041 00410041 00410041 00410041 0x410041\n0031fcc4 00410041 00410041 00410041 00410041 0x410041\n0031fcc8 00410041 00410041 00410041 00410041 0x410041\n0031fccc 00410041 00410041 00410041 00410041 0x410041\n0031fcd0 00410041 00410041 00410041 00410041 0x410041\n0031fcd4 00410041 00410041 00410041 00410041 0x410041\n0031fcd8 00410041 00410041 00410041 00410041 0x410041\n0031fcdc 00410041 00410041 00410041 00410041 0x410041\n0031fce0 00410041 00410041 00410041 00410041 0x410041\n0031fce4 00410041 00410041 00410041 00410041 0x410041\n0031fce8 00410041 00410041 00410041 00410041 0x410041\n0031fcec 00410041 00410041 00410041 00410041 0x410041\n0031fcf0 00410041 00410041 00410041 00410041 0x410041\n0031fcf4 00410041 00410041 00410041 00410041 0x410041\n0031fcf8 00410041 00410041 00410041 00410041 0x410041\n0031fcfc 00410041 00410041 00410041 00410041 0x410041\n0031fd00 00410041 00410041 00410041 00410041 0x410041\n0031fd04 00410041 00410041 00410041 00410041 0x410041\n0031fd08 00410041 00410041 00410041 00410041 0x410041\n0031fd0c 00410041 00410041 00410041 00410041 0x410041\n0031fd10 00410041 00410041 00410041 00410041 0x410041\n0031fd14 00410041 00410041 00410041 00410041 0x410041\n0031fd18 00410041 00410041 00410041 00410041 0x410041\n0031fd1c 00410041 00410041 00410041 00410041 0x410041\n0031fd20 00410041 00410041 00410041 00410041 0x410041\n0031fd24 00410041 00410041 00410041 00410041 0x410041\n0031fd28 00410041 00410041 00410041 00410041 0x410041\n0031fd2c 00410041 00410041 00410041 00410041 0x410041\n0031fd30 00410041 00410041 00410041 00410041 0x410041\n0031fd34 00410041 00410041 00410041 00410041 0x410041\n0031fd38 00410041 00410041 00410041 00410041 0x410041\n0031fd3c 00410041 00410041 00410041 00410041 0x410041\n0031fd40 00410041 00410041 00410041 00410041 0x410041\n0031fd44 00410041 00410041 00410041 00410041 0x410041\n0031fd48 00410041 00410041 00410041 00410041 0x410041\n0031fd4c 00410041 00410041 00410041 00410041 0x410041\n0031fd50 00410041 00410041 00410041 00410041 0x410041\n0031fd54 00410041 00410041 00410041 00410041 0x410041\n0031fd58 00410041 00410041 00410041 00410041 0x410041\n0031fd5c 00410041 00410041 00410041 00410041 0x410041\n0031fd60 00410041 00410041 00410041 00410041 0x410041\n0031fd64 00410041 00410041 00410041 00410041 0x410041\n0031fd68 00410041 00410041 00410041 00410041 0x410041\n0031fd6c 00410041 00410041 00410041 00410041 0x410041\n0031fd70 00410041 00410041 00410041 00410041 0x410041\n0031fd74 00410041 00410041 00410041 00410041 0x410041\n0031fd78 00410041 00410041 00410041 00410041 0x410041\n0031fd7c 00410041 00410041 00410041 00410041 0x410041\n0031fd80 00410041 00410041 00410041 00410041 0x410041\n0031fd84 00410041 00410041 00410041 00410041 0x410041\n0031fd88 00410041 00410041 00410041 00410041 0x410041\n0031fd8c 00410041 00410041 00410041 00410041 0x410041\n0031fd90 00410041 00410041 00410041 00410041 0x410041\n0031fd94 00410041 00410041 00410041 00410041 0x410041\n0031fd98 00410041 00410041 00410041 00410041 0x410041\n\nPRIMARY_PROBLEM_CLASS:  STACK_CORRUPTION\n\nFOLLOWUP_IP:\nimage00a20000+56b3\n00a256b3 66890c02        mov     word ptr [edx+eax],cx\n\nSYMBOL_STACK_INDEX:  0\nFOLLOWUP_NAME:  MachineOwner\nMODULE_NAME: image00a20000\nIMAGE_NAME:  image00a20000\nSYMBOL_NAME:  image00a20000+56b3\nSTACK_COMMAND:  ~0s ; kb\nBUCKET_ID:  WRONG_SYMBOLS\n\nFollowup: MachineOwner\n---------\n0:000\u003e lmvm image00a20000\nstart    end        module name\n00a20000 00bd2000   image00a20000   (no symbols)\n    Loaded symbol image file: C:Program FilesLenovoSystem Updatemapdrv.exe\n    Image path: image00a20000\n    Image name: image00a20000\n    Timestamp:        Wed Jun 21 23:36:40 2017 (594B6578)\n    CheckSum:         001BA113\n    ImageSize:        001B2000\n    File version:     1.0.0.1\n    Product version:  1.0.0.1\n    File flags:       0 (Mask 3F)\n    File OS:          4 Unknown Win32\n    File type:        1.0 App\n    File date:        00000000.00000000\n    Translations:     0409.04b0\n    ProductName:      Map Network Drive\n    InternalName:     mapdrv\n    OriginalFilename: mapdrv.exe\n    ProductVersion:   1, 0, 0, 1\n    FileVersion:      1, 0, 0, 1\n    FileDescription:  Map Network Drive Application\n    LegalCopyright:   Copyright Lenovo 2005, 2006, all rights reserved. \nCopyright IBM Corporation 1996-2005, all rights reserved. \n\n\nSolution - Fix \u0026 Patch:\n=======================\nUpdate Lenovo System Update to version 5.07.0072 or later. You can\ndetermine the currently installed version by\nopening Lenovo System Update, clicking on the green question mark in the\ntop right corner and then selecting aAbout.a\n\nLenovo System Update can be updated by choosing either of the following\nmethods:\n\nLenovo System Update automatically checks for a later version whenever\nthe application is run. \nClick OK when prompted that a new version is available. \n\n\nCredits \u0026 Authors:\n==================\nS.AbenMassaoud -\nhttps://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud\n\n\nDisclaimer \u0026 Information:\n=========================\nThe information provided in this advisory is provided as it is without\nany warranty. Vulnerability Lab disclaims all warranties,\neither expressed or implied, including the warranties of merchantability\nand capability for a particular purpose. Vulnerability-Lab\nor its suppliers are not liable in any case of damage, including direct,\nindirect, incidental, consequential loss of business profits\nor special damages, even if Vulnerability-Lab or its suppliers have been\nadvised of the possibility of such damages. Some states do\nnot allow the exclusion or limitation of liability for consequential or\nincidental damages so the foregoing limitation may not apply. \nWe do not approve or encourage anybody to break any licenses, policies,\ndeface websites, hack into databases or trade with stolen data. \n\nDomains:    www.vulnerability-lab.com\t\twww.vuln-lab.com\t\t\t\nwww.vulnerability-db.com\nServices:   magazine.vulnerability-lab.com\tpaste.vulnerability-db.com \t\t\ninfosec.vulnerability-db.com\nSocial:\t    twitter.com/vuln_lab\t\tfacebook.com/VulnerabilityLab \t\t\nyoutube.com/user/vulnerability0lab\nFeeds:\t    vulnerability-lab.com/rss/rss.php\nvulnerability-lab.com/rss/rss_upcoming.php\nvulnerability-lab.com/rss/rss_news.php\nPrograms:   vulnerability-lab.com/submit.php\nvulnerability-lab.com/register.php\nvulnerability-lab.com/list-of-bug-bounty-programs.php\n\nAny modified copy or reproduction, including partially usages, of this\nfile requires authorization from Vulnerability Laboratory. \nPermission to electronically redistribute this alert in its unmodified\nform is granted. All other rights, including the use of other\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. \nAll pictures, texts, advisories, source code, videos and other\ninformation on this website is trademark of vulnerability-lab team \u0026 the\nspecific authors or managers. To record, list, modify, use or\nedit our material contact (admin@ or research@) to get a ask permission. \n\n\t\t\t\t    Copyright A(c) 2018 | Vulnerability Laboratory - [Evolution\nSecurity GmbH]aC/\n-- \nVULNERABILITY LABORATORY - RESEARCH TEAM\nSERVICE: www.vulnerability-lab.com\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-139095",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-9063",
        "trust": 2.9
      },
      {
        "db": "LENOVO",
        "id": "LEN-19625",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "104125",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "148533",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-139095",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "id": "VAR-201805-0936",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:33:50.909000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-19625",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/solutions/len-19625"
      },
      {
        "title": "Lenovo System Update Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79879"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/solutions/len-19625"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/104125"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9063"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9063"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/ie/en/solutions/len-19625"
      },
      {
        "trust": 0.1,
        "url": "https://www.vulnerability-lab.com/get_content.php?id=2131"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityweek.com/lenovo-patches-secure-boot-vulnerability-servers"
      },
      {
        "trust": 0.1,
        "url": "https://securityaffairs.co/wordpress/72335/security/lenovo-security-updates.html"
      },
      {
        "trust": 0.1,
        "url": "https://support.lenovo.com/en/documents/ht080136"
      },
      {
        "trust": 0.1,
        "url": "https://support.lenovo.com/us/fr/solutions/len-19625"
      },
      {
        "trust": 0.1,
        "url": "https://www.vulnerability-db.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.vulnerability-lab.com/show.php?user=s.abenmassaoud"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2018-9063"
      },
      {
        "trust": 0.1,
        "url": "https://www.vuln-lab.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "date": "2018-05-05T00:00:00",
        "db": "BID",
        "id": "104125"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "date": "2018-07-12T14:44:44",
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "date": "2018-05-04T17:29:00.770000",
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "date": "2018-05-05T00:00:00",
        "db": "BID",
        "id": "104125"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "date": "2018-06-13T15:18:23.373000",
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-09157

Vulnerability from cnvd - Published: 2018-05-09

Title

Lenovo System Update缓冲区溢出漏洞

Description

Lenovo System Update是中国联想（Lenovo）公司的一套系统自动更新工具，它包括设备驱动更新、Windows系统补丁更新等。 Lenovo System Update 5.07.0072之前版本中的MapDrv(C:\Program Files\Lenovo\System Update\mapdrv.exe)存在缓冲区溢出漏洞。攻击者可通过输入较大的用户ID或密码利用该漏洞执行任意代码或其他操作。

Severity

高

Patch Name

Lenovo System Update缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.lenovo.com/us/zh/solutions/len-19625

Reference

https://support.lenovo.com/us/en/solutions/LEN-19625

Impacted products

Name
Lenovo System Update <5.07.0072

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-9063"
    }
  },
  "description": "Lenovo System Update\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7cfb\u7edf\u81ea\u52a8\u66f4\u65b0\u5de5\u5177\uff0c\u5b83\u5305\u62ec\u8bbe\u5907\u9a71\u52a8\u66f4\u65b0\u3001Windows\u7cfb\u7edf\u8865\u4e01\u66f4\u65b0\u7b49\u3002\r\n\r\nLenovo System Update 5.07.0072\u4e4b\u524d\u7248\u672c\u4e2d\u7684MapDrv(C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe)\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8f93\u5165\u8f83\u5927\u7684\u7528\u6237ID\u6216\u5bc6\u7801\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5176\u4ed6\u64cd\u4f5c\u3002",
  "discovererName": "Lenovo",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.lenovo.com/us/zh/solutions/len-19625",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09157",
  "openTime": "2018-05-09",
  "patchDescription": "Lenovo System Update\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7cfb\u7edf\u81ea\u52a8\u66f4\u65b0\u5de5\u5177\uff0c\u5b83\u5305\u62ec\u8bbe\u5907\u9a71\u52a8\u66f4\u65b0\u3001Windows\u7cfb\u7edf\u8865\u4e01\u66f4\u65b0\u7b49\u3002\r\n\r\nLenovo System Update 5.07.0072\u4e4b\u524d\u7248\u672c\u4e2d\u7684MapDrv(C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe)\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8f93\u5165\u8f83\u5927\u7684\u7528\u6237ID\u6216\u5bc6\u7801\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5176\u4ed6\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo System Update\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Lenovo System Update \u003c5.07.0072"
  },
  "referenceLink": "https://support.lenovo.com/us/en/solutions/LEN-19625",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-08",
  "title": "Lenovo System Update\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-WP87-97VQ-C79X

Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-9063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-04T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.",
  "id": "GHSA-wp87-97vq-c79x",
  "modified": "2022-05-14T03:18:34Z",
  "published": "2022-05-14T03:18:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9063"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104125"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-9063

Vulnerability from fkie_nvd - Published: 2018-05-04 17:29 - Updated: 2024-11-21 04:14

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@lenovo.com	http://www.securityfocus.com/bid/104125	Third Party Advisory, VDB Entry
psirt@lenovo.com	https://support.lenovo.com/us/en/solutions/LEN-19625	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104125	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/solutions/LEN-19625	Vendor Advisory

Impacted products

	Vendor	Product	Version
	lenovo	system_update	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65FD54-263E-49DD-B6E9-362F33B85C8A",
              "versionEndExcluding": "5.07.0072",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
    },
    {
      "lang": "es",
      "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) en Lenovo System Update, en versiones anteriores a la 5.07.0072, contiene una vulnerabilidad local en la que un atacant que introduzca un ID de usuario o una contrase\u00f1a muy largas puede desbordar el b\u00fafer del programa, provocando comportamientos indefinidos como la ejecuci\u00f3n de c\u00f3digo arbitrario. No se otorgan m\u00e1s privilegios al atacante m\u00e1s all\u00e1 de los que ya se poseen para ejecutar MapDrv."
    }
  ],
  "id": "CVE-2018-9063",
  "lastModified": "2024-11-21T04:14:53.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-04T17:29:00.770",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104125"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-9063

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-9063

Aliases

CVE-2018-9063

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-9063",
    "description": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.",
    "id": "GSD-2018-9063"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-9063"
      ],
      "details": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.",
      "id": "GSD-2018-9063",
      "modified": "2023-12-13T01:22:33.578890Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2018-05-03T00:00:00",
        "ID": "CVE-2018-9063",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Lenovo System Update",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Earlier than 5.07.0072"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104125",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104125"
          },
          {
            "name": "https://support.lenovo.com/us/en/solutions/LEN-19625",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.07.0072",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2018-9063"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-19625",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
            },
            {
              "name": "104125",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104125"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-06-13T15:18Z",
      "publishedDate": "2018-05-04T17:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-9063 (GCVE-0-2018-9063)

VAR-201805-0936

References (Source):

CVE-ID:

Release Date:

Vulnerability Laboratory ID (VL-ID):

Common Vulnerability Scoring System:

Vulnerability Class:

Current Estimated Price:

Abstract Advisory Information:

Vulnerability Disclosure Timeline:

Discovery Status:

Affected Product(s):

Exploitation Technique:

Severity Level:

Authentication Type:

User Interaction:

Disclosure Type:

Technical Details & Description:

Proof of Concept (PoC):

Followup: MachineOwner

Solution - Fix & Patch:

Credits & Authors:

Disclaimer & Information:

Security GmbH]aC/

CNVD-2018-09157

GHSA-WP87-97VQ-C79X

FKIE_CVE-2018-9063

GSD-2018-9063

Tags

Sightings

Nomenclature