Dell Digital Delivery DLL Injection Vulnerability

CVE Identifier: CVE-2018-11072

Severity: High

Affected Products:

• Dell Digital Delivery versions prior to 3.5.1

Summary:

Dell Digital Delivery contains a fix for DLL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Resolution:

Dell Digital Delivery version 3.5.2 and later releases contain a resolution to this vulnerability.

Dell recommends all customers upgrade at the earliest opportunity.

Downloads for the applicable version are available below:

• Dell Digital Delivery: Customers can download software from https://www.dell.com/support/home/en-us?app=drivers .

Credit:

Dell would like to thank Bryan Alexander for reporting this vulnerability.

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.