Published: 25/06/2019 Updated: 26/06/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

PC-Doctor Toolbox prior to 7.3 has an Uncontrolled Search Path Element.

Vulnerable Product

pc-doctor toolbox

dell supportassist for business pcs 2.0.1

dell supportassist for home pcs 3.2.2

Mailing Lists

Full Disclosure

I. VULNERABILITY
-------------------------
Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior to version 7.3 allows local users to gain privileges and conduct DLL hijacking attacks via a trojan horse DLL located in an unsecured directory which has been added to the PATH environment variable.

II. CVE REFER ...

Recent Articles

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
The Register • Laurie Clarke • 11 Feb 2020

If you don't have auto-update switched on, time to patch

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges.
The company has issued an advisory about the flaw, warning that a locally authenticated low-privilege user could exploit the vuln to load arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of malware.
SupportAssist scans t...

Millions of Dell PCs Vulnerable to Flaw in Third-Party Component
Threatpost • Lindsey O'Donnell • 21 Jun 2019

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely take over affected devices.
The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which deve...

Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool
The Register • Shaun Nichols in San Francisco • 20 Jun 2019

Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too

Dell's troubleshooting software SupportAssist, bundled with the US tech titan's home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers.
The Texan system slinger today issued an advisory warning that its PC repair tool suffers a privilege-escalation vulnerability, CVE-2019-12280, and needs patching. We're told Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 a...