Уязвимости Угрозы

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10572
Multiple vulnerabilities in Lenovo System Update

Обновлено: 03/06/2020
Дата обнаружения
 14/04/2015
Уровень угрозы
 Critical
Описание

Multiple serious vulnerabilities have been found in Lenovo System Update. Malicious users can exploit these vulnerabilities to bypass security restrictions or gain privileges.

Below is a complete list of vulnerabilities

  1. Lack of command piping restrictions can be exploited locally via named pipe manipulations;
  2. Lack of file signatures verification can be exploited remotely via a specially designed executable files;
  3. Lack of directory permissions restrictions can be exploited locally via a files manipulations.
Пораженные продукты

Lenovo System Update versions earlier than 5.06.0034
Решение

Update to the latest version
Get Lenovo System Update
Первичный источник обнаружения
 IOActive advisory
Lenovo advisory
Оказываемое влияние
?
SB 
[?]

PE 
[?]
Связанные продукты
 Lenovo System Update
CVE-IDS
CVE-2015-22346.9High
CVE-2015-22338.3Critical
CVE-2015-22197.2High
Узнай статистику распространения уязвимостей в твоем регионе
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up