CVE-2017-2802
HIGHDell Precision Optimizer 3.5.5.0 - DLL Hijacking via PATH Environment Variable
Title source: llmDescription
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.
References (2)
Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99360
Scores
CVSS v3
7.8
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (1)
dell/precision_optimizer
3.5.5.0
Published
Apr 24, 2018
Tracked Since
Feb 18, 2026