CVE-2020-7807

DLL Hijacking Vulnerabilities During Installation of LG Electronics Software

Description

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).

References

Link	Tags
https://lgsecurity.lge.com/	vendor advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587	third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-7807?: CVE-2020-7807 has been scored as a medium severity vulnerability.
How to fix CVE-2020-7807?: To fix CVE-2020-7807, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-7807 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-7807 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-7807?: CVE-2020-7807 affects LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup).

Description

Categories

CWE-353 – Missing Support for Integrity Check

CWE-354 – Improper Validation of Integrity Check Value

References

Frequently Asked Questions