Vulnerability Details CVE-2018-10828
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://support.lenovo.com/us/en/solutions/LEN-25654
- https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-10828/apmsgfwd_exploit_dos.c
- https://www.exploit-db.com/exploits/44610/
- http://support.lenovo.com/us/en/solutions/LEN-25654
- https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-10828/apmsgfwd_exploit_dos.c
- https://www.exploit-db.com/exploits/44610/
Products affected by CVE-2018-10828
-
cpe:2.3:a:alps:pointing-device_driver:10.1.101.207