Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dell Update Package Framework 代码问题漏洞
Vulnerability Description
Dell Update Package(DUP)Framework是美国戴尔(Dell)公司的一款用于更新系统组件的框架。该产品主要提供驱动程序、应用程序、BIOS和固件的安装程序。 Dell DUP Framework文件中存在代码问题漏洞。本地攻击者可通过诱使管理员运行可信的库,进而加载恶意的DLL利用该漏洞在用户系统上执行任意代码。以下产品及版本受到影响:Dell Update Package (DUP) Framework file 19.1.0.413版本(Dell EMC Servers),1
CVSS Information
N/A
Vulnerability Type
N/A