Privilege escalation in Dell Protected Workspace and Invicea-X
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-9038 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Dell Protected Workspace Client/Desktop applications / Antivirus software/Personal firewalls Invicea-X Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor |
Dell Invicea |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Privilege escalation
EUVDB-ID: #VU7321
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-9038
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to double fetch race condition in the SboxDrv.sys driver functionality. A local attacker can send specially crafted data to the \Device\SandboxDriverApi device driver, trigger kernel memory corruption and gain system privileges.
Successful exploitation of the vulnerability may result in privilege escalation.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsDell Protected Workspace: 6.1.3-24058
Invicea-X: 6.1.3-24058
External linkshttp://www.talosintelligence.com/reports/TALOS-2016-0256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
