Home Vulnerabilities Code Execution vulnerability has been discovered in Pre-Installed Dell packages
Vulnerabilities

Code Execution vulnerability has been discovered in Pre-Installed Dell packages

by Unallocated Author
written by Unallocated Author

Security researchers at Cisco found three vulnerabilities in Pre-Installed Dell packages. These vulnerabilities could enable attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.

VULNERABILITY DETAILS:

– Privilege Escalation (CVE-2016-9038):
The flaw is triggered by sending crafted data to the “\Device\SandboxDriverApi” device driver which has the read/write permission and is available to everyone. A successful exploitation results in an arbitrary value written to kernel memory space, which can lead to local privilege escalation.

– Protection Bypass (CVE-2016-8732):
The vulnerability virtually enables an attacker to disable protection protocols in Dell’s systems.

“Invincea Dell Protected Workspace is a security solution offered by Dell that seeks to provide enhanced protection for endpoints. Multiple security flaws exist within one of the driver components, ‘InvProtectDrv.sys’ that is included in version 5.1.1-22303 of this software. Due to weak restrictions on the driver communications channel, as well as insufficient validation, an attacker controlled application that is executed on an affected system could leverage this driver to effectively disable some of the protection mechanisms provided by the software.”

 

– Protection Bypass (CVE-2017-2802):
This vulnerability allows an attacker to execute arbitrary code.

“During the start of ‘Dell PPO Service’, supplied by Dell Precision Optimizer application, the program “c:\Program Files\Dell\PPO\poaService.exe” loads the dll, “c:\Program Files\Dell\PPO\ati.dll”. This in turn attempts to load “atiadlxx.dll”, which is not present by default in the application directory. The program searches for an appropriately named dll in the directories specified by the PATH environment variable. If it finds a dll with the same name, it will load the dll into poaService.exe without checking the signature of the dll. This can lead to execution of arbitrary code if an attacker supplies a malicious dll of the correct name. “

Dell users are recommended to upgrade the Dell pre-installed software immediately to prevent any major attacks.

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

You may also like

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs

Unsaflok Flaws Allow Unlocking Saflok Door Locks With...

New Loop DoS Attack Can Cause Indefinite System...

This Acoustic Side-Channel Attack Steals Keystrokes Via Typing...

New GhostRace Vulnerability In CPUs May Leak Data

Microsoft Addressed ~60 Vulnerabilities With March Patch Tuesday

Apple Addressed Two iOS Zero-Days With Latest Updates