CVE-2019-3744

Name of the Vulnerable Software and Affected Versions Dell/Alienware Digital Delivery versions prior to 4.0.41

Description The issue allows a local non-privileged malicious user to exploit a Universal Windows Platform application. This is achieved by manipulating the install software package feature, utilizing a race condition and a path traversal exploit. The goal is to run a malicious executable with elevated privileges.

Recommendations For versions prior to 4.0.41, update to version 4.0.41 or later to resolve the issue. As a temporary workaround, consider restricting access to the install software package feature to minimize the risk of exploitation.