Arbitrary Code Execution with LocalSystem Privileges in Lenovo Solution Center (LSC)

Arbitrary Code Execution with LocalSystem Privileges in Lenovo Solution Center (LSC)

CVE-2016-5249 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.

Learn more about our User Device Pen Test.