Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2019-12280

Published: 25/06/2019 Updated: 26/06/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Toolbox

Vulnerability Summary

PC-Doctor Toolbox prior to 7.3 has an Uncontrolled Search Path Element.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pc-doctor toolbox

dell supportassist for home pcs 3.2.2

dell supportassist for business pcs 2.0.1

Recent Articles

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
The Register • Laurie Clarke • 11 Feb 2020

If you don't have auto-update switched on, time to patch Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges. The company has issued an advisory about the vulnerability, warning that a locally authenticated low-privilege user could exploit the bug to load arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of malware. SupportAssist scans the s...

Read more...
Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool
The Register • Shaun Nichols in San Francisco • 20 Jun 2019

Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too You dirty DRAC: IT bods uncover Dell server firmware security slip

Updated Dell's troubleshooting software SupportAssist, bundled with the US tech titan's home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers. The Texan system slinger today issued an advisory warning that its PC repair tool suffers a privilege-escalation vulnerability, CVE-2019-12280, and needs patching. We're told Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2...

Read more...

References

CWE-427http://seclists.org/fulldisclosure/2019/Jun/29https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssisthttps://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Softwarehttp://www.securityfocus.com/bid/108880http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-reporthttp://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.htmlhttps://seclists.org/fulldisclosure/2019/Jun/29https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=enhttps://nvd.nist.govhttps://www.theregister.co.uk/2019/06/20/dell_supportassist_security_hole/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook