"The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control," PTP explained. "In this scenario, a low-privileged user can write a 'hardlink' file to the controllable location – a pseudofile which really points to any other file on the system that the low-privileged user doesn't have control of."
Lenovo crapware opens up your PC to hackers
Posted on Monday, August 26 2019 @ 9:53 CEST by Thomas De Maesschalck