Sign-up

ID

VAR-201706-0198


CVE

CVE-2015-4596


TITLE

Lenovo Mouse Suite Vulnerable to arbitrary code execution with administrator privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-007615

DESCRIPTION

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. Lenovo Mouse Suite is a mouse button configuration application program of China Lenovo (Lenovo). The program can support the user to configure the functions of the mouse buttons and the scroll wheel. An elevation of privilege vulnerability exists in Lenovo Mouse Suite prior to 6.73

Trust: 1.71

sources: NVD: CVE-2015-4596 // JVNDB: JVNDB-2015-007615 // VULHUB: VHN-82557

AFFECTED PRODUCTS

vendor:lenovomodel:mouse suitescope:lteversion:6.72

Trust: 1.0

vendor:lenovomodel:mouse suitescope:ltversion:6.73

Trust: 0.8

vendor:lenovomodel:mouse suitescope:eqversion:6.72

Trust: 0.6

sources: JVNDB: JVNDB-2015-007615 // CNNVD: CNNVD-201706-648 // NVD: CVE-2015-4596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4596
value: HIGH

Trust: 1.0

NVD: CVE-2015-4596
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-648
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82557
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4596
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82557
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-4596
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-82557 // JVNDB: JVNDB-2015-007615 // CNNVD: CNNVD-201706-648 // NVD: CVE-2015-4596

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82557 // JVNDB: JVNDB-2015-007615 // NVD: CVE-2015-4596

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201706-648

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201706-648

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007615

PATCH
title:LEN-2015-066url:https://support.lenovo.com/jp/ja/product_security/len_2015_066
Trust: 0.8
title:Lenovo Mouse Suite Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71237
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-007615 // 
            
            
            
            CNNVD: CNNVD-201706-648

EXTERNAL IDS
db:NVDid:CVE-2015-4596
Trust: 2.5
db:JVNDBid:JVNDB-2015-007615
Trust: 0.8
db:CNNVDid:CNNVD-201706-648
Trust: 0.7
db:VULHUBid:VHN-82557
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82557 // 
            
            
            
            JVNDB: JVNDB-2015-007615 // 
            
            
            
            CNNVD: CNNVD-201706-648 // 
            
            
            
            NVD: CVE-2015-4596

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len_2015_066
Trust: 1.7
url:https://cds.thalesgroup.com/en/tcs-cert/cve-2015-4596
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4596
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-4596
Trust: 0.8
sources:
            
            
            VULHUB: VHN-82557 // 
            
            
            
            JVNDB: JVNDB-2015-007615 // 
            
            
            
            CNNVD: CNNVD-201706-648 // 
            
            
            
            NVD: CVE-2015-4596

SOURCES
db:VULHUBid:VHN-82557
db:JVNDBid:JVNDB-2015-007615
db:CNNVDid:CNNVD-201706-648
db:NVDid:CVE-2015-4596

LAST UPDATE DATE
2025-05-30T23:22:43.033000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82557date:2017-06-28T00:00:00
db:JVNDBid:JVNDB-2015-007615date:2017-07-12T00:00:00
db:CNNVDid:CNNVD-201706-648date:2017-07-11T00:00:00
db:NVDid:CVE-2015-4596date:2025-05-30T16:15:22.183

SOURCES RELEASE DATE
db:VULHUBid:VHN-82557date:2017-06-13T00:00:00
db:JVNDBid:JVNDB-2015-007615date:2017-07-12T00:00:00
db:CNNVDid:CNNVD-201706-648date:2017-06-29T00:00:00
db:NVDid:CVE-2015-4596date:2017-06-13T16:29:00.230