CVE-2017-2802
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.
Existe una vulnerabilidad explotable de secuestro de DLL en el componente del servicio poaService.exe del software Dell Precision Optimizer 3.5.5.0. Un archivo DLL malicioso nombrado de forma específica ubicado en uno de los directorios a los que señala la variable del entorno PATH conducirá a un escalado de privilegios. Un atacante con acceso local al sistema vulnerable puede explotar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2018-04-24 CVE Published
- 2023-09-15 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99360 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Precision Optimizer Search vendor "Dell" for product "Precision Optimizer" | 3.5.5.0 Search vendor "Dell" for product "Precision Optimizer" and version "3.5.5.0" | - |
Affected
| ||||||