CVE-2017-7293

HIGH

Dolby DAX2/DAX3 - Privilege Escalation

Title source: llm

Description

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50.

Exploits (3)

github WRITEUP 3,480 stars

by qazbnm456 · poc

https://github.com/qazbnm456/awesome-cve-poc/tree/master/CVE-2017-7293.md

View Code ZIP pw:eip

github WRITEUP 14 stars

by xbl3 · poc

https://github.com/xbl3/awesome-cve-poc_qazbnm456/tree/master/CVE-2017-7293.md

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/41933

View Code ZIP pw:eip

References (2)

[Issue Tracking, Third Party Advisory] https://bugs.chromium.org/p/project-zero/issues/detail?id=1075

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/41933/

Scores

CVSS v3 7.8

EPSS 0.0206

EPSS Percentile 83.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status draft

Affected Products (15)

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x2

dolby/dolby_audio_x3

dolby/dolby_audio_x3

Timeline

Published Apr 26, 2017

Tracked Since Feb 18, 2026