CVE-2017-3757
HIGHElanTech Touchpad Driver - Unquoted Service Path Privilege Escalation
Title source: llmDescription
An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-14390
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (2)
emc/elan_touchpad_driver
< 11.4.1.6
Lenovo Group Ltd./Lenovo ElanTech Touchpad driver
various versions
Published
Aug 29, 2017
Tracked Since
Feb 18, 2026