PT-2017-17640 · Realtek+2 · Realtek Audio Driver+3

Published

2017-04-26

Updated

2019-10-03

CVE-2017-7293

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dolby Audio X2 (DAX2) versions 1.0 through 1.4.4 Dolby Audio X3 (DAX3) versions 1.0 through 1.1

Description The Dolby DAX2 and DAX3 API services are susceptible to a privilege escalation issue, allowing a normal user to gain arbitrary system privileges. This is due to the presence of .NET code for DCOM in these services. An example of an affected driver is the Realtek Audio Driver 6.0.1.7898, which can be found on devices such as the Lenovo P50.

Recommendations For Dolby Audio X2 (DAX2) versions 1.0 through 1.4.4, consider disabling the DCOM .NET code as a temporary workaround until a patch is available. For Dolby Audio X3 (DAX3) versions 1.0 through 1.1, consider disabling the DCOM .NET code as a temporary workaround until a patch is available.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2017-7293

Affected Products

Dolby Audio X2

Dolby Audio X3

Lenovo P50

Realtek Audio Driver

PT-2017-17640 · Realtek+2 · Realtek Audio Driver+3

CVE-2017-7293

Weakness Enumeration

Related Identifiers

Affected Products

References · 5