Vulnerability Description
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | System Update | < 5.07.0072 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104125Third Party AdvisoryVDB Entry
- https://support.lenovo.com/us/en/solutions/LEN-19625Vendor Advisory
- http://www.securityfocus.com/bid/104125Third Party AdvisoryVDB Entry
- https://support.lenovo.com/us/en/solutions/LEN-19625Vendor Advisory
FAQ
What is CVE-2018-9063?
CVE-2018-9063 is a vulnerability with a CVSS score of 7.8 (HIGH). MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or passwo...
How severe is CVE-2018-9063?
CVE-2018-9063 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9063?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo System Update.