CVE-2019-6165

Description

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.

Remediation

Solution:

Lenovo is not releasing updates to mitigate this vulnerability and users should uninstall PaperDisplay Hotkey Service. The Night light feature in Windows 10 provides similar functionality of the PaperDisplay Hotkey Service.

References

Link	Tags
https://support.lenovo.com/solutions/LEN-27569	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-6165?: CVE-2019-6165 has been scored as a high severity vulnerability.
How to fix CVE-2019-6165?: To fix CVE-2019-6165: Lenovo is not releasing updates to mitigate this vulnerability and users should uninstall PaperDisplay Hotkey Service. The Night light feature in Windows 10 provides similar functionality of the PaperDisplay Hotkey Service.
Is CVE-2019-6165 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-6165 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-6165?: CVE-2019-6165 affects Lenovo PaperDisplay Hotkey Service.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-426 – Untrusted Search Path

References

Frequently Asked Questions