A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
Fixes

Solution

Update Lenovo App Store to version 9.0.17 or later.


Workaround

No workaround given by the vendor.

References
History

Thu, 17 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Lenovo
Lenovo app Store
CPEs cpe:2.3:a:lenovo:app_store:-:*:*:*:*:*:*:*
Vendors & Products Lenovo
Lenovo app Store
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Description A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2024-10-11T17:52:59.940Z

Reserved: 2024-04-24T13:34:10.105Z

Link: CVE-2024-4130

cve-icon Vulnrichment

Updated: 2024-10-11T17:52:53.479Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-11T16:15:13.840

Modified: 2024-10-17T19:41:06.967

Link: CVE-2024-4130

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.