_______________________________________________________________________________
Vendor: LG, www.lg.com Affected Products: LG PC Suite for Windows Affected Version: <= 5.3.25.20150529 (Build 18212) Severity: High OVE ID: OVE-20161010-0007 ________________________________________________________________________________ The LG PC Suite update mechanism is vulnerable to a man-in-the-middle attack. Through the manipulation of files transmitted over HTTP an attacker can force the execution of arbitrary code on the target system. Code is executed with the privileges of the currently logged on user. LG will not provide software updates to address the issue because the LG PC Suite reached the end of its product life cycle. The technical details as well as a possible mitigation is described in the full advisory at: https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-004/ ________________________________________________________________________________ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
