Vulnerabilities > Lenovo > System Update > 5.06.0027
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-04 | CVE-2018-9063 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. | 4.6 |
2017-10-03 | CVE-2015-6971 | Command Injection vulnerability in Lenovo System Update 5.06.0027 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | 7.2 |
2015-05-12 | CVE-2015-2234 | Race Condition vulnerability in Lenovo System Update 5.06.0027 Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | 6.9 |
2015-05-12 | CVE-2015-2233 | Cryptographic Issues vulnerability in Lenovo System Update 5.06.0027 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | 8.3 |
2015-05-12 | CVE-2015-2219 | Permissions, Privileges, and Access Controls vulnerability in Lenovo System Update 5.06.0027 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | 7.2 |