CVE-2017-7293
Published: 2017-04-26
CVE-2017-7293: The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges…
Priority: P3 · 47 · high · 7.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.61% (83.5th percentile)
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x2 | — | — |
| dolby | dolby_audio_x3 | — | — |
| dolby | dolby_audio_x3 | — | — |
CVSS provenance
nvd · v3.0 · 7.8 HIGH · CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
GHSA
GHSA-9rw3-5r36-mrvf: The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileg
ghsa_unreviewed·2022-05-13
CVE-2017-7293 [HIGH] CWE-502 GHSA-9rw3-5r36-mrvf: The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileg
Project0
Exploiting .NET Managed DCOM - Project Zero
project_zero·2017-04-01
CVE-2014-0257 Exploiting .NET Managed DCOM - Project Zero
Posted by James Forshaw, Project Zero
One of the more interesting classes of security vulnerabilities are those affecting interoperability technology. This is because these vulnerabilities typically affect any application using the technology, regardless of what the application actually does. Also in many cases they’re difficult for a developer to mitigate outside of not using that technology, something which isn’t always possible.
I discovered one such vulnerability class in the Component Object Model (COM) interoperability layers of .NET which make the use of .NET for Distributed COM (DCOM) across privilege boundaries inherently insecure. This blog post will describe a couple of ways this could be abused, first to gain elevated privileges and then as a remote code execution vulnerabi
Published: 2017-04-26