Dira v Lenovo Solution Center
Napsal: 08 pro 2015 22:13
Okamzite odinstalujte Lenovo Solution Center, dira jak vrata
Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF http://www.kb.cert.org/vuls/id/294607
Impact
By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.
Lenovo Security Advisory: LEN-4326 https://support.lenovo.com/us/en/produc ... y/len_4326
Zajimalo by me kam chodi na tu "sw architekturu", protoze tohle neni uz jen bezna chyba co se stane, tohle je absolutne nesmyslne navrzene cele, podle toho popisu.
Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF http://www.kb.cert.org/vuls/id/294607
Impact
By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.
Lenovo Security Advisory: LEN-4326 https://support.lenovo.com/us/en/produc ... y/len_4326
Zajimalo by me kam chodi na tu "sw architekturu", protoze tohle neni uz jen bezna chyba co se stane, tohle je absolutne nesmyslne navrzene cele, podle toho popisu.