Latest YouTube Video

Tuesday, October 11, 2016

[FD] BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism

_______________________________________________________________________________ Vendor: LG, www.lg.com Affected Products: LG PC Suite for Windows Affected Version: <= 5.3.25.20150529 (Build 18212) Severity: High OVE ID: OVE-20161010-0007 ________________________________________________________________________________ The LG PC Suite update mechanism is vulnerable to a man-in-the-middle attack. Through the manipulation of files transmitted over HTTP an attacker can force the execution of arbitrary code on the target system. Code is executed with the privileges of the currently logged on user. LG will not provide software updates to address the issue because the LG PC Suite reached the end of its product life cycle. The technical details as well as a possible mitigation is described in the full advisory at: http://ift.tt/2dNTIRF ________________________________________________________________________________ _______________________________________________ Sent through the Full Disclosure mailing list http://ift.tt/1SQVv8t Web Archives & RSS: http://ift.tt/Vn2J4u

Source: Gmail -> IFTTT-> Blogger

No comments: