CVE-2020-7807 – DLL Hijacking Vulnerabilities During Installation of LG Electronics Software

https://notcve.org/view.php?id=CVE-2020-7807

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). Una vulnerabilidad que puede secuestrar un archivo DLL que es cargado durante la instalación de productos (LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) en un archivo DLL que el hacker desea. Un falta de soporte para la vulnerabilidad de comprobación de integridad en ____COMPONENT____ de LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) permite a ____ ATTACKER / ATTACK ____ causar ____IMPACT____. • https://lgsecurity.lge.com https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587 • CWE-353: Missing Support for Integrity Check CWE-354: Improper Validation of Integrity Check Value •