CVE-2020-7807

MEDIUM

LGPCSuite_Setup <1.0.0.3 - Code Injection

Title source: llm

Description

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).

References (2)

[Vendor Advisory] https://lgsecurity.lge.com/

[Third Party Advisory] https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587

Scores

CVSS v3 5.6

EPSS 0.0003

EPSS Percentile 7.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

Details

CWE

CWE-353 CWE-354

Status published

Products (4)

lg/ipsfullhd 1.0.0.3

lg/lg_ultrawide 1.0.0.3

lg/lgpcsuite_setup 1.0.0.9

lg/ultra_hd_driver_setup 1.0.0.3

Published Sep 14, 2020

Tracked Since Feb 18, 2026