Privilege escalation vulnerabilities in Lenovo Solution Center

Описание

Multiple serious vulnerabilities have been found in Lenovo Solution Center. Malicious users can exploit these vulnerabilities to gain privileges.

Below is a complete list of vulnerabilities

1. An unknown vulnerability at SystemService can be exploited locally to terminate arbitrary process via StopProxy command;
2. An unknown vulnerability at SystemService can be exploited locally via StartProxy command to conduct execute arbitrary code with LocalSystem privileges.

Первичный источник обнаружения

• Lenovo advisory
  

Связанные продукты

• Lenovo-Solution-Center

Список CVE

• CVE-2016-5248
  warning
• CVE-2016-5249
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com