Two vulnerabilities in Dell Protected Workspace and Precision Optimizer
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-8732 CVE-2017-2802 |
| CWE-ID | CWE-264 CWE-427 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Dell Protected Workspace Client/Desktop applications / Antivirus software/Personal firewalls Dell Precision Optimizer Client/Desktop applications / Other client software |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU7322
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8732
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists in the ‘InvProtectDrv.sys’ driver component due to weak restrictions on the driver communication channel and additonal insufficient checks. A local attacker can run a specially crafted application to turn off protection mechanisms and gain access to the system.
Update Dell Protected Workspace to version 6.3.0.
Dell Protected Workspace: 5.1.1-22303
External linkshttp://www.talosintelligence.com/reports/TALOS-2016-0246
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insecure DLL loading
EUVDB-ID: #VU7323
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2802
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the poaService.exe service component due to dll hijacking. A local attacker can place a specially crafted “atiadlxx.dll” file in one of directories pointed to by the PATH environment variable and execute arbitrary code on the target system with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Dell Precision Optimizer to version 4.0 or later.
Dell Precision Optimizer: 3.5.5.0
External linkshttp://www.talosintelligence.com/reports/TALOS-2016-0247
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
