CVE-2015-2233 Information

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.

Reference

http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74642