Code injection

2021-07-2217:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

CPENameOperatorVersion
supportassist_for_business_pcseq2.0
supportassist_for_business_pcseq2.0.1
supportassist_for_business_pcseq2.0.2
supportassist_for_business_pcseq2.1
supportassist_for_business_pcseq2.1.1
supportassist_for_business_pcseq2.1.2
supportassist_for_business_pcseq2.1.3
supportassist_for_home_pcseq2.2
supportassist_for_home_pcseq2.2.1
supportassist_for_home_pcseq2.2.2

Name	Operator	Version
supportassist_for_business_pcs	eq	2.0
supportassist_for_business_pcs	eq	2.0.1
supportassist_for_business_pcs	eq	2.0.2
supportassist_for_business_pcs	eq	2.1
supportassist_for_business_pcs	eq	2.1.1
supportassist_for_business_pcs	eq	2.1.2
supportassist_for_business_pcs	eq	2.1.3
supportassist_for_home_pcs	eq	2.2
supportassist_for_home_pcs	eq	2.2.1
supportassist_for_home_pcs	eq	2.2.2