KLA10572
Multiple vulnerabilities in Lenovo System Update
Обновлено: 17/06/2019
Дата обнаружения
14/04/2015
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Lenovo System Update. Malicious users can exploit these vulnerabilities to bypass security restrictions or gain privileges.

Below is a complete list of vulnerabilities

  1. Lack of command piping restrictions can be exploited locally via named pipe manipulations;
  2. Lack of file signatures verification can be exploited remotely via a specially designed executable files;
  3. Lack of directory permissions restrictions can be exploited locally via a files manipulations.
Пораженные продукты

Lenovo System Update versions earlier than 5.06.0034

Решение

Update to the latest version
Get Lenovo System Update

Первичный источник обнаружения
IOActive advisory
Lenovo advisory
Оказываемое влияние
?
SB 
[?]

PE 
[?]
CVE-IDS