Dira v Lenovo Solution Center

[Puppy]

Okamzite odinstalujte Lenovo Solution Center, dira jak vrata

Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF http://www.kb.cert.org/vuls/id/294607

Impact

By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.

Lenovo Security Advisory: LEN-4326 https://support.lenovo.com/us/en/produc ... y/len_4326

Zajimalo by me kam chodi na tu "sw architekturu", protoze tohle neni uz jen bezna chyba co se stane, tohle je absolutne nesmyslne navrzene cele, podle toho popisu.

[Puppy]

Udajne je to opravene https://forums.lenovo.com/t5/Security-M ... true#M2250

The patched version 2.8.006 and 3.2.002 are released today for self update through LSC and should be available for download via the support site soon - perhaps as early as tommorow.

[Python.P]

Článek na LBCZ bude zítra, respektive dnes. Holt jsme čekali na ofiko vyjádření Lenova...