what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ALPS ALPINE Touchpad DLL Hijacking

ALPS ALPINE Touchpad DLL Hijacking
Posted Jul 21, 2020
Authored by Caiyuan Xie

A DLL hijacking vulnerability was found in the ALPS ALPINE Touchpad driver, which might allow an attacker to execute malicious code. ALPS ALPINE has released updates to mitigate this potential vulnerability.

tags | advisory
systems | windows
advisories | CVE-2020-15596
SHA-256 | 43d74141ddaca40ed5d409ad2554f74b67e55ae932e8c249345842609d08915d

ALPS ALPINE Touchpad DLL Hijacking

Change Mirror Download
Summary:
A vulnerability to DLL preloading attacks was found in the ALPS ALPINE Touchpad driver, which might allow an attacker to execute malicious code. ALPS ALPINE has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver may try to load DLLs that are not always present in the driver package. If an attacker can gain control of one of the DLL search directories, a malicious copy of the DLL can be placed in that directory and make the vulnerable ALPS ALPINE driver component run malicious code in it.
CVE: CVE-2020-15596

CVSS Base Score: 6.4 Medium (if the attacker can get administrative privileges)

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
ALPS ALPINE Touchpad driver
Recommendation:
ALPS ALPINE has worked with OEMs and ODMs to develop software updates that can protect systems from the vulnerability. The solution has been confirmed by AFINE, who discovered and reported the vulnerability.
End users and systems administrators should check with their system manufacturers and system software vendors and apply any available updates as soon as practical.
Acknowledgments:
ALPS ALPINE would like to thank AFINE for finding the vulnerability and validating the solution, as well as the OEM and ODM partners for their support.


Best Regards
Shirley



Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close