CVE-2018-11072

HIGH

Dell Digital Delivery < 3.5.1 - Uncontrolled Search Path

Title source: rule

Description

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

References (1)

[Mitigation, Vendor Advisory] https://www.dell.com/support/article/us/en/04/sln313559/dell-digital-delivery-dll-injection-vulnerability?lang=en

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 22.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

dell/digital_delivery < 3.5.1

Timeline

Published Oct 02, 2018

Tracked Since Feb 18, 2026