CVE-2017-2802

Published: Apr 24, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.

Affected (1)

Products: Dell: Precision Optimizer

1 product

Precision Optimizer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Precision Optimizer	Version 3.5.5.0

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (4)

http://www.securityfocus.com/bid/99360

Source: talos-cna@cisco.com

Third Party AdvisoryVDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

http://www.securityfocus.com/bid/99360

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.