CVE-2017-2802
Last modified
CVE-2017-2802 is a vulnerability of currently unknown severity. An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. EPSS estimates a 1.18% chance of exploitation in the next 30 days.
Description
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Precision Optimizer | 3.5.5.0 |
References
- http://www.securityfocus.com/bid/99360Third Party Advisory, VDB Entry
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247Exploit, Technical Description, Third Party Advisory
- http://www.securityfocus.com/bid/99360Third Party Advisory, VDB Entry
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247Exploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2802?
How severe is CVE-2017-2802?
How do I fix CVE-2017-2802?
Are you affected by CVE-2017-2802?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST