Local Code Execution Vulnerability in Lenovo Solution Center by Lenovo
CVE-2016-5249
7.8HIGH
What is CVE-2016-5249?
The Lenovo Solution Center prior to version 3.3.003 contains a vulnerability that could allow local users to execute arbitrary code with elevated LocalSystem privileges. This exploitation occurs through the misconfiguration of the StartProxy command within the LSC.Services.SystemService, where a named pipe is expected to be created in advance along with a specially crafted .NET assembly. Local users can leverage this flaw to gain unauthorized access and control over the system.