LG PC Suite for Windows versions 5.3.25.20150529 (Build 18212) and below suffer from a man-in-the-middle vulnerability.
4a9f021d64da18c6aef5a1e09483630a61f41192180d89869816d04626c05dad_______________________________________________________________________________
Vendor: LG, www.lg.com
Affected Products: LG PC Suite for Windows
Affected Version: <= 5.3.25.20150529 (Build 18212)
Severity: High
OVE ID: OVE-20161010-0007
________________________________________________________________________________
The LG PC Suite update mechanism is vulnerable to a man-in-the-middle
attack. Through the manipulation of files transmitted over HTTP an
attacker can force the execution of arbitrary code on the target system.
Code is executed with the privileges of the currently logged on user.
LG will not provide software updates to address the issue because the
LG PC Suite reached the end of its product life cycle. The technical
details as well as a possible mitigation is described in the full
advisory at:
https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-004/
________________________________________________________________________________
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed