CVE-2018-3700

Published: Feb 18, 2019Modified: Nov 21, 2024

6.7

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.

Affected (1)

Products: Intel: Usb 3.0 Extensible Host Controller Driver

Intel

1 product

Usb 3.0 Extensible Host Controller Driver

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Usb 3.0 Extensible Host Controller Driver	Before 5.0.4.43v2

Running on/with	Platform Versions
Microsoft Windows 7	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://www.securityfocus.com/bid/107073

Source: secure@intel.com

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00200.html

Source: secure@intel.com

PatchVendor Advisory

http://www.securityfocus.com/bid/107073

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00200.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.