Alps Electric ALPINE Touchpad 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 2096232 漏洞类型 信息泄露
发布时间 2020-07-21 更新时间 2020-08-19
CVE编号 CVE-2020-15596 CNNVD-ID CNNVD-202007-1340
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2020070105
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202007-1340
|漏洞详情
Alps Electric ALPINE Touchpad是日本阿尔卑斯电气(Alps Electric)公司的一款触控屏输入设备。 Alps Electric ALPINE Touchpad driver 8.2206.1717.634之前版本中存在安全漏洞。攻击者可利用该漏洞执行恶意代码。
|漏洞EXP
Summary:
A vulnerability to DLL preloading attacks was found in the ALPS ALPINE Touchpad driver, which might allow an attacker to execute malicious code. ALPS ALPINE has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver may try to load DLLs that are not always present in the driver package. If an attacker can gain control of one of the DLL search directories, a malicious copy of the DLL can be placed in that directory and make the vulnerable ALPS ALPINE driver component run malicious code in it.
CVE: CVE-2020-15596

CVSS Base Score: 6.4 Medium (if the attacker can get administrative privileges)

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
ALPS ALPINE Touchpad driver
Recommendation:
ALPS ALPINE has worked with OEMs and ODMs to develop software updates that can protect systems from the vulnerability. The solution has been confirmed by AFINE, who discovered and reported the vulnerability.
End users and systems administrators should check with their system manufacturers and system software vendors and apply any available updates as soon as practical.
Acknowledgments:
ALPS ALPINE would like to thank AFINE for finding the vulnerability and validating the solution, as well as the OEM and ODM partners for their support.


Best Regards
Shirley



|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158500/ALPS-ALPINE-Touchpad-DLL-Hijacking.html