Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue

Related Vulnerabilities: CVE-2020-15596  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="29"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#30">By Date</a>
<a href="31"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="29"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#30">By Thread</a>
<a href="31"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Caiyuan Xie &lt;caiyuan.xie () cn alps com&gt;


<em>Date</em>: Fri, 17 Jul 2020 08:29:11 +0000


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Summary:
A vulnerability to DLL preloading attacks was found in the ALPS ALPINE Touchpad driver, which might allow an attacker 
to execute malicious code. ALPS ALPINE has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver may try to load DLLs that are not always present in the driver package. If an attacker 
can gain control of one of the DLL search directories, a malicious copy of the DLL can be placed in that directory and 
make the vulnerable ALPS ALPINE driver component run malicious code in it.
CVE: CVE-2020-15596

CVSS Base Score: 6.4 Medium (if the attacker can get administrative privileges)

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
ALPS ALPINE Touchpad driver
Recommendation:
ALPS ALPINE has worked with OEMs and ODMs to develop software updates that can protect systems from the vulnerability. 
The solution has been confirmed by AFINE, who discovered and reported the vulnerability.
End users and systems administrators should check with their system manufacturers and system software vendors and apply 
any available updates as soon as practical.
Acknowledgments:
ALPS ALPINE would like to thank AFINE for finding the vulnerability and validating the solution, as well as the OEM and 
ODM partners for their support.


Best Regards
Shirley


_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="29"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#30">By Date</a>
<a href="31"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="29"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#30">By Thread</a>
<a href="31"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue</strong> <em>Caiyuan Xie (Jul 21)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started