Lenovo Emulator Hijack Vulnerability Allows Local Attacker Execution with Elevated Privileges
CVE-2024-4131

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Emulator
Vendor: CVE Published:; 11 October 2024

Summary

A DLL hijacking vulnerability in Lenovo Emulator poses significant risks, allowing local attackers to execute arbitrary code with heightened privileges. This security flaw can be exploited by malicious actors who have access to the vulnerable software environment, potentially leading to unauthorized actions on a compromised system. Users of affected versions are urged to implement mitigation strategies to safeguard their systems against potential exploitation.

Affected Version(s)

Emulator 0 < 9.1.6

References

https://iknow.lenovo.com.cn/detail/423563

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Apr 24, 2024

Credit

Lenovo thanks ggid7788 for reporting this issue.