Lenovo Security Advisory:* LEN-2015-066
Potential Impact: Escalation of Privileges
Summary: A user with local privileges may be able to run files as an administrator in Lenovo Mouse Suite (included with ThinkPad Precision Wireless Mouse –part number 0B47161).
The Lenovo Mouse Suite application provides enhanced mouse functionality allowing users to configure mouse buttons as well as the scroll wheel to take advantage of Windows 8 functions and shortcuts such as auto-scroll, double click, copy, delete, and more. A vulnerability has been identified where a user with local privileges may be able to run files as an administrator when using the Lenovo Mouse Suite application.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to Lenovo Mouse Suite 6.73 here
To determine what version of Mouse Suite you have installed, go to Control Panel and click on “Mouse”. If Mouse Suite is installed, there will be a tab labeled “Lenovo” where the current version can be viewed in the lower right corner.
ThinkPad Precision Wireless Mouse (0B47161) - Lenovo Mouse Suite version 6.72 and prior
Thanks to Adrien Jolibert of Excellium Services for reporting this vulnerability.
Other information and references:
CVE ID: CVE-2015-4596
1.0 | 19 Aug 2015 | Initial release