A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
Credits
Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue
