DLL Hijacking Vulnerabilities During Installation of LG Electronics Software
CVE-2020-7807

5.6MEDIUM

Key Information:

Vendor

Lg Electronics

Status
(lgpcsuite Setup), (ipsfullhd, Lg Ultrawide, Ultra Hd Driver Setup)
Vendor
CVE Published:
14 September 2020

What is CVE-2020-7807?

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in COMPONENT of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ATTACKER/ATTACK to cause IMPACT. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

(LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) Windows(x86, x64) IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup.exe 1.0.0.3

(LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) Windows(x86, x64) LGPCSuite_Setup.exe 1.0.0.9

References

https://lgsecurity.lge.com/
x_refsource_MISC
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_w...
x_refsource_MISC

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eran Shimony
JSON
.