VULHUB ™

Security Objectives Advisory - Lenovo System Update allows arbitrary update executables to be downloaded and installed from a rogue server. The Client DLL does not perform certificate chain verification when initiating an SSL connection with the server. Version 3.13.0005 Build date 2008-1-3 is affected. Other versions may also be affected.

Security Objectives Advisory - Lenovo System Update allows arbitrary update executables to be downloaded and installed from a rogue server. The Client DLL does not perform certificate chain verification when initiating an SSL connection with the server. Version 3.13.0005 Build date 2008-1-3 is affected. Other versions may also be affected.