Lenovo stARstudio Hijack Vulnerability Could Allow Local Attacker to Execute Code with Elevated Privileges
CVE-2024-9046

7.8 HIGH

Key Information:

Vendor: Lenovo
CVE Published: 11 October 2024

Summary

A DLL hijacking vulnerability in Lenovo's stARstudio allows a local attacker to execute arbitrary code with elevated privileges, potentially compromising system security and integrity. Affected versions of stARstudio should be updated immediately to mitigate the risk of unauthorized code execution and to protect sensitive information.

Affected Version(s)

stARstudio 0 < 2020.3.12.34806

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks ggid7788 for reporting this issue.