Lenovo Security Advisory: LEN-2015-066 **Potential Impact:**Escalation of Privileges Severity: High
Summary: A user with local privileges may be able to run files as an administrator in Lenovo Mouse Suite (included with ThinkPad Precision Wireless Mouse βpart number 0B47161).
Description:
The Lenovo Mouse Suite application provides enhanced mouse functionality allowing users to configure mouse buttons as well as the scroll wheel to take advantage of Windows 8 functions and shortcuts such as auto-scroll, double click, copy, delete, and more. A vulnerability has been identified where a user with local privileges may be able to run files as an administrator when using the Lenovo Mouse Suite application.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to Lenovo Mouse Suite 6.73 here
To determine what version of Mouse Suite you have installed, go to Control Panel and click on βMouseβ. If Mouse Suite is installed, there will be a tab labeled βLenovoβ where the current version can be viewed in the lower right corner.
Product Impact:
ThinkPad Precision Wireless Mouse (0B47161) - Lenovo Mouse Suite version 6.72 and prior
Acknowledgements:
Thanks to Adrien Jolibert of Excellium Services for reporting this vulnerability.
Other information and references:
CVE ID: CVE-2015-4596
Revision History:
Revision
|
Date
|
Description
β|β|β
1.0 |** 19 Aug 2015**|** Initial release**