Vulnerability Description
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Usb Enhanced Performance Keyboard | <= 2.0.2.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/74196Third Party AdvisoryVDB Entry
- https://support.lenovo.com/us/en/product_security/usbenhancedkeyboardPatchVendor Advisory
- http://www.securityfocus.com/bid/74196Third Party AdvisoryVDB Entry
- https://support.lenovo.com/us/en/product_security/usbenhancedkeyboardPatchVendor Advisory
FAQ
What is CVE-2015-3320?
CVE-2015-3320 is a vulnerability with a CVSS score of 2.1 (LOW). Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.
How severe is CVE-2015-3320?
CVE-2015-3320 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3320?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Usb Enhanced Performance Keyboard.