Lenovo · Lenovo Rescue/Recovery · CVE-2008-4589
**Name of the Vulnerable Software and Affected Versions**
Lenovo Rescue and Recovery versions 4.20.0511 through 4.20.0512
Lenovo Rescue and Recovery version 4.20
**Description**
A heap-based buffer overflow issue exists in the tvtumin.sys kernel driver, allowing local users to execute arbitrary code via a long file name.
**Recommendations**
For Lenovo Rescue and Recovery version 4.20, update to a version that addresses this issue.
For Lenovo Rescue and Recovery versions 4.20.0511 through 4.20.0512, update to a version that addresses this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.