>> Lenovo Rescue and Recovery Privilege Escalation Vulnerability
Title : Lenovo Rescue and Recovery Privilege Escalation Vulnerability VUPEN ID : VUPEN/ADV-2008-2806 CVE ID : CVE-2008-4589 CWE ID : CWE-119
Rated as : Moderate Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2008-10-14
Technical Description
A vulnerability has been identified in Lenovo Rescue and Recovery, which could be exploited by local attackers to gain elevated privileges. This issue is caused by a heap overflow error in the "tvtumon.sys" driver when processing an overly long filename passed through the filesystem, which could allow local unprivileged users to crash an affected system or execute arbitrary code with kernel privileges.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
