CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4589

HIGH
7.2
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile18.13th
PublishedOct 15, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.

Affected Platforms (CPE)

πŸ“¦
Lenovo

Resuce And Recovery

= 4.20
πŸ“¦
Lenovo

Resuce And Recovery

= 4.20.0511
πŸ“¦
Lenovo

Resuce And Recovery

= 4.20.0512

References & Advisories

πŸ”— http://secunia.com/advisories/32252
πŸ”— http://securityreason.com/securityalert/4421
πŸ”— http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html
πŸ”— http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html
πŸ”— http://www.isecpartners.com/advisories/2008-02-lenovornr.txt
πŸ”— http://www.securityfocus.com/archive/1/497277/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31737
πŸ”— http://www.securitytracker.com/id?1021041

Related Vulnerabilities

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-266310.0

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p23...