
[FD] BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism



_______________________________________________________________________________

Vendor:                 LG, www.lg.com
Affected Products:      LG PC Suite for Windows
Affected Version:       <= 5.3.25.20150529 (Build 18212)
Severity:               High
OVE ID:                 OVE-20161010-0007
________________________________________________________________________________

The LG PC Suite update mechanism is vulnerable to a man-in-the-middle
attack. By manipulating files transmitted over HTTP, an attacker can
force the execution of arbitrary code on the target system. Code is
executed with the privileges of the currently logged-on user.

LG will not provide software updates to address the issue because the
LG PC Suite has reached the end of its product life cycle. The technical
details as well as a possible mitigation are described in the full
advisory at:

https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-004/
________________________________________________________________________________

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/