CVE-2018-10828

MEDIUM

Alps Pointing-device Driver - Improper Input Validation

Title source: rule

Description

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.

Exploits (1)

exploitdb WORKING POC

by Souhail Hammou · cdoswindows

https://www.exploit-db.com/exploits/44610

View Code ZIP pw:eip

References (3)

[Various Sources] http://support.lenovo.com/us/en/solutions/LEN-25654

[Third Party Advisory] https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-10828/apmsgfwd_exploit_dos.c

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44610/

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 44.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

alps/pointing-device_driver 10.1.101.207

Published May 09, 2018

Tracked Since Feb 18, 2026