{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T18:33:34.034","vulnerabilities":[{"cve":{"id":"CVE-2018-9063","sourceIdentifier":"psirt@lenovo.com","published":"2018-05-04T17:29:00.770","lastModified":"2024-11-21T04:14:53.817","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."},{"lang":"es","value":"MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) en Lenovo System Update, en versiones anteriores a la 5.07.0072, contiene una vulnerabilidad local en la que un atacant que introduzca un ID de usuario o una contraseña muy largas puede desbordar el búfer del programa, provocando comportamientos indefinidos como la ejecución de código arbitrario. No se otorgan más privilegios al atacante más allá de los que ya se poseen para ejecutar MapDrv."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*","versionEndExcluding":"5.07.0072","matchCriteriaId":"5F65FD54-263E-49DD-B6E9-362F33B85C8A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104125","source":"psirt@lenovo.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.lenovo.com/us/en/solutions/LEN-19625","source":"psirt@lenovo.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/104125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.lenovo.com/us/en/solutions/LEN-19625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}