The Dell Support Software, Dell System Detect the presence of security vulnerabilities that can be remotely execute malicious code-vulnerability warning-the black bar safety net

2015-04-09T00:00:00
ID MYHACK58:62201560961
Type myhack58
Reporter 佚名
Modified 2015-04-09T00:00:00

Description

Pre-installed in the Dell computer Support Software Dell System Detect is to discover the presence of vulnerabilities, allowing an attacker to remotely execute malicious code. System Detect Dell system bundled a software, as long as the system starts, it will start automatically. The use of the domain name of the dell string infected device Typically an attacker would entice a user to visit a malicious site, and malicious sites as long as the domain name contains the dell string will be able to use this vulnerability to infect the system. In found this issue after, Dell followed the release of an update, but this update did not completely solve this problem, the website domain name if it contains the dell string that will still accept a malicious download. ! If the victim device is infected by this vulnerability, then the device on some credentials, such as a variety of account, password, name, address, etc. is likely to be the attacker stealing, and even worse, the attacker may also damage the victim's device. Updated recommendations Fortunately, the latest version of the v 6.0.14 somehow managed to fully fix this vulnerability, but there is a problem, running the latest version of Dell users when the few and far between, so in this proposal the majority of users as soon as possible to update to the latest version. ! ! ! !