Security News > 2016 > June > Lenovo tells users to uninstall vulnerable Accelerator app (Help Net Security)

Lenovo tells users to uninstall vulnerable Accelerator app (Help Net Security)
2016-06-03 14:20

In the wake of Duo Security’s report on the critical vulnerabilities sported by Original Equipment Manufacturer (OEM) updaters loaded on popular laptop and desktop computers, Lenovo has advised users to uninstall its Accelerator Application. “The vulnerability (CVE-2016-3944) resides within the update mechanism where a Lenovo server is queried to identify if application updates are available,” the company explained. The flaw can be exploited by an attacker with local network access to perform remote code execution … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/EVLx5NNT6OQ/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-06-03 CVE-2016-3944 Improper Input Validation vulnerability in Lenovo Accelerator Application
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
network
high complexity
lenovo CWE-20
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Lenovo 2278 5 177 158 16 356