CVE-2018-10828 Information

Description

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the \ApMsgFwd File Mapping Object\ section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell ThinkPad and VAIO devices.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://support.lenovo.com/us/en/solutions/LEN-25654 https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-10828/apmsgfwd_exploit_dos.c https://www.exploit-db.com/exploits/44610/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5