CVE-2017-2802

Name of the Vulnerable Software and Affected Versions: Dell Precision Optimizer version 3.5.5.0

Description: A dll hijacking issue exists in the poaService.exe service component. This can be exploited by placing a malicious dll file in a directory pointed to by the PATH environment variable, leading to privilege escalation. An attacker with local access to the vulnerable system can exploit this issue.

Recommendations: For version 3.5.5.0, consider restricting access to the poaService.exe service component until a patch is available. As a temporary workaround, restrict the use of directories pointed to by the PATH environment variable to minimize the risk of exploitation.