CVE-2018-10828
low-risk
Published 2018-05-09
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
Do I need to act?
0.22% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.5/10 · Medium
LOCAL / LOW complexity
Affected Products (1)
Pointing-Device Driver
Affected Vendors
References (6)
Third Party Advisory
https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-10828/apmsgfwd_ex...
Third Party Advisory
https://www.exploit-db.com/exploits/44610/
24 / 100 · low-risk
Severity: 18/34 · Moderate
Exploitability: 1/34 · Minimal
Exposure: 5/34 · Minimal