DSA-2019-096: Dell/Alienware Digital Delivery Security Update for Privilege Escalation Vulnerabilities

Zusammenfassung: Dell Digital Delivery and Alienware Digital Delivery have been updated to address two vulnerabilities which may be potentially exploited to cause a privilege escalation with the ability for a non-privileged user to run an executable as SYSTEM. ...

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

High

Details

  • Privilege escalation vulnerability (CVE-2019-3742)

    Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Privilege escalation vulnerability (CVE-2019-3744)

    Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Privilege escalation vulnerability (CVE-2019-3742)

    Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Privilege escalation vulnerability (CVE-2019-3744)

    Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Affected products:
Dell Digital Delivery versions prior to 3.5.2013
Dell Digital Delivery versions prior to 4.0.41 (Microsoft Store)
Alienware Digital Delivery versions prior to 3.5.2013
Alienware Digital Delivery versions prior to 4.0.41 (Microsoft Store)

Resolution:

The following Dell/Alienware Digital Delivery releases contain a resolution to these vulnerabilities:

  • Dell Digital Delivery versions 3.5.2013 and later
  • Dell Digital Delivery versions 4.0.41 and later
  • Alienware Digital Delivery versions 3.5.2013 and later
  • Alienware Digital Delivery versions 4.0.41 and later
Dell recommends all customers upgrade at the earliest opportunity.

Please visit the Dell Support Drivers and Downloads site for updates on the applicable products.

 

Affected products:
Dell Digital Delivery versions prior to 3.5.2013
Dell Digital Delivery versions prior to 4.0.41 (Microsoft Store)
Alienware Digital Delivery versions prior to 3.5.2013
Alienware Digital Delivery versions prior to 4.0.41 (Microsoft Store)

Resolution:

The following Dell/Alienware Digital Delivery releases contain a resolution to these vulnerabilities:

  • Dell Digital Delivery versions 3.5.2013 and later
  • Dell Digital Delivery versions 4.0.41 and later
  • Alienware Digital Delivery versions 3.5.2013 and later
  • Alienware Digital Delivery versions 4.0.41 and later
Dell recommends all customers upgrade at the earliest opportunity.

Please visit the Dell Support Drivers and Downloads site for updates on the applicable products.

 

Danksagung

Dell would like to thank Alexander Bolshev, Security Consultant, IOActive and Enrique Nissim, Senior Security Consultant, IOActive for reporting these vulnerabilities.

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

Alienware
Artikeleigenschaften
Artikelnummer: 000145430
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 18 Aug. 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.