CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9063

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.3%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

Products affected by CVE-2018-9063

Lenovo » System Update » Version: N/A

cpe:2.3:a:lenovo:system_update:-
Lenovo » System Update » Version: 5.06.0027

cpe:2.3:a:lenovo:system_update:5.06.0027
Lenovo » System Update » Version: 5.06.0034

cpe:2.3:a:lenovo:system_update:5.06.0034
Lenovo » System Update » Version: 5.06.0043

cpe:2.3:a:lenovo:system_update:5.06.0043
Lenovo » System Update » Version: 5.07.0008

cpe:2.3:a:lenovo:system_update:5.07.0008
Lenovo » System Update » Version: 5.07.0013

cpe:2.3:a:lenovo:system_update:5.07.0013
Lenovo » System Update » Version: 5.07.0019

cpe:2.3:a:lenovo:system_update:5.07.0019

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9063

Products

Pricing

Contact Us