Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Advisory:[CVE-2021-27971]Alps Alpine DLL Injection Issue

Related Vulnerabilities: CVE-2021-27971  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="53"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#54">By Date</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="53"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#54">By Thread</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">Advisory:[CVE-2021-27971]Alps Alpine DLL Injection Issue</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Xiaojian Cao &lt;xiaojian.cao () cn alps com&gt;


<em>Date</em>: Thu, 20 Jan 2022 06:35:02 +0000


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Summary:
A vulnerability to DLL Injection attacks was found in the Alps Alpine Touchpad driver, which might allow an attacker to 
access the kernel area memory. Alps Alpine has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver contains a Improper Access Control vulnerability. A low privilege user with local 
access to the system could carry out this vulnerability in order to gain arbitrary code execution on the system.
CVE: CVE-2021-27971
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
ALPS ALPINE Touchpad driver
Recommendation:
ALPS ALPINE has worked with OEMs and ODMs to develop software updates that can protect systems from the vulnerability.
End users and systems administrators should check with their system manufacturers and system software vendors and apply 
any available updates as soon as practical.
Acknowledgments:
ALPS ALPINE would like to thank Home Depot for finding the vulnerability, as well as the OEM and ODM partners for the 
supporting and testing works.


Best Regards,
---------------------------------------------------------------------------------------------
Jason Cao (曹晓建)
[cid:image001.jpg@01D80E0A.E7DF42E0]
ALPS Communication Devices Technology (Shanghai) Co., LTD.
Room No. 5A, 710 Dongfang Rd., Shanghai, China
Post Code: 200122
Tel: (+86)21-5081-7575&lt;tel:021-5081-7575&gt; ext: 506

</pre><p><a href="att-54/image001.jpg"><img src="att-54/image001.jpg"></a></p>
<pre style="margin: 0em;">
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="53"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#54">By Date</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="53"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#54">By Thread</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>Advisory:[CVE-2021-27971]Alps Alpine DLL Injection Issue</strong> <em>Xiaojian Cao (Jan 24)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started