A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
Credits
Lenovo thanks China Telecom Corporation Limited Research Institute (Zhang Daoquan, Deng Xiaodong, Wang Wenqun, Wang Yuqi) for reporting this issue.