CVE-2016-8225 - Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earl

CVE-2016-8225

Summary

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.

References

http://www.securityfocus.com/bid/95842
https://support.lenovo.com/us/en/solutions/LEN-11588

Vulnerable Configurations

cpe:2.3:a:lenovo:edge_keyboard_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:lenovo:edge_keyboard_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:lenovo:slim_usb_keyboard_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:lenovo:slim_usb_keyboard_driver:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 01-02-2017 - 02:59)
Impact:
Exploitability:

CWE

CWE-428

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	95842
confirm	https://support.lenovo.com/us/en/solutions/LEN-11588

Last major update

01-02-2017 - 02:59

Published

26-01-2017 - 17:59

Last modified

01-02-2017 - 02:59