| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Oct 2016 14:56:35 +0200 From: Blue Frost Security Research Lab <research@...efrostsecurity.de> To: undisclosed-recipients: ; Subject: [FD] BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism _______________________________________________________________________________ Vendor: LG, www.lg.com Affected Products: LG PC Suite for Windows Affected Version: <= 5.3.25.20150529 (Build 18212) Severity: High OVE ID: OVE-20161010-0007 ________________________________________________________________________________ The LG PC Suite update mechanism is vulnerable to a man-in-the-middle attack. Through the manipulation of files transmitted over HTTP an attacker can force the execution of arbitrary code on the target system. Code is executed with the privileges of the currently logged on user. LG will not provide software updates to address the issue because the LG PC Suite reached the end of its product life cycle. The technical details as well as a possible mitigation is described in the full advisory at: https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-004/ ________________________________________________________________________________ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists