Lenovo Mouse Suite Escalation of Privileges

Lenovo Security Advisory: LEN-2015-066 **Potential Impact:**Escalation of Privileges Severity: High

Summary: A user with local privileges may be able to run files as an administrator in Lenovo Mouse Suite (included with ThinkPad Precision Wireless Mouse –part number 0B47161).

Description:
The Lenovo Mouse Suite application provides enhanced mouse functionality allowing users to configure mouse buttons as well as the scroll wheel to take advantage of Windows 8 functions and shortcuts such as auto-scroll, double click, copy, delete, and more. A vulnerability has been identified where a user with local privileges may be able to run files as an administrator when using the Lenovo Mouse Suite application.

Mitigation Strategy for Customers (what you should do to protect yourself):
Update to Lenovo Mouse Suite 6.73 here

To determine what version of Mouse Suite you have installed, go to Control Panel and click on “Mouse”. If Mouse Suite is installed, there will be a tab labeled “Lenovo” where the current version can be viewed in the lower right corner.

Product Impact:
ThinkPad Precision Wireless Mouse (0B47161) - Lenovo Mouse Suite version 6.72 and prior

Acknowledgements:
Thanks to Adrien Jolibert of Excellium Services for reporting this vulnerability.

Other information and references:

CVE ID: CVE-2015-4596

Revision History:

Revision

|

Date

|

Description

—|—|—
1.0 |** 19 Aug 2015**|** Initial release**