CVE-2017-7293
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50.
Los servicios de la API DAX2 y DAX3 de Dolby presentan una vulnerabilidad de escalada de privilegios que permite a un usuario normal obtener privilegios de sistema arbitrarios, ya que estos servicios tienen código .NET para DCOM. Esto afecta a Dolby Audio X2 (DAX2) en las versiones 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3 y 1.4.4., y Dolby Audio X3 (DAX3) en las versiones 1.0 y 1.1. Un ejemplo de controlador afectado es el Realtek Audio Driver 6.0.1.7898 en un Lenovo P50.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-03-28 CVE Reserved
- 2017-04-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1075 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/41933 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.0 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.0" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.0.1 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.0.1" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.1 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.1" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.1.1 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.1.1" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.2 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.2" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.3 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.3" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.3.1 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.3.1" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.3.2 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.3.2" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.4 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.4" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.4.1 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.4.1" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.4.2 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.4.2" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.4.3 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.4.3" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X2 Search vendor "Dolby" for product "Dolby Audio X2" | 1.4.4 Search vendor "Dolby" for product "Dolby Audio X2" and version "1.4.4" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X3 Search vendor "Dolby" for product "Dolby Audio X3" | 1.0 Search vendor "Dolby" for product "Dolby Audio X3" and version "1.0" | - |
Affected
| ||||||
| Dolby Search vendor "Dolby" | Dolby Audio X3 Search vendor "Dolby" for product "Dolby Audio X3" | 1.1 Search vendor "Dolby" for product "Dolby Audio X3" and version "1.1" | - |
Affected
| ||||||