PT-2017-17640 · Realtek+2 · Realtek Audio Driver+3
Publicado
2017-04-26
·
Atualizado
2019-10-03
·
CVE-2017-7293
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dolby Audio X2 (DAX2) versions 1.0 through 1.4.4
Dolby Audio X3 (DAX3) versions 1.0 through 1.1
Description
The Dolby DAX2 and DAX3 API services are susceptible to a privilege escalation issue, allowing a normal user to gain arbitrary system privileges. This is due to the presence of .NET code for DCOM in these services. An example of an affected driver is the Realtek Audio Driver 6.0.1.7898, which can be found on devices such as the Lenovo P50.
Recommendations
For Dolby Audio X2 (DAX2) versions 1.0 through 1.4.4, consider disabling the DCOM .NET code as a temporary workaround until a patch is available.
For Dolby Audio X3 (DAX3) versions 1.0 through 1.1, consider disabling the DCOM .NET code as a temporary workaround until a patch is available.
Exploit
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dolby Audio X2
Dolby Audio X3
Lenovo P50
Realtek Audio Driver