PT-2019-16670 · Dell · Dell Update Package (DUP) Framework

Published: 2019-09-24 · Updated: 2019-10-09 · CVE-2019-3726

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Dell Update Package (DUP) Framework file versions prior to 19.1.0.413
- Dell Update Package (DUP) Framework file versions prior to 103.4.6.69 used in Dell EMC Servers
- Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms
Description

The issue is an Uncontrolled Search Path vulnerability that can be exploited by a locally authenticated, low-privileged malicious user. Such a user could trick an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability is limited to the time window in which a DUP is being executed by an administrator and does not affect the actual binary payload that the DUP delivers.
Recommendations

- For Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, update to version 19.1.0.413 or later.
- For Dell Update Package (DUP) Framework file versions prior to 103.4.6.69 used in Dell EMC Servers, update to version 103.4.6.69 or later.
- For Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms, update to version 3.8.3.67 or later.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2019-3726

Affected Products

Dell Update Package (DUP) Framework