Race Condition in Absolute Computrace Agent on Dell Inspiron Systems
CVE-2009-5152

4.1MEDIUM

Key Information:

Vendor: Absolute
Status: Computrace Agent
Vendor: CVE Published:; 11 May 2018

What is CVE-2009-5152?

The Absolute Computrace Agent, when included in specific 2009 Dell Inspiron systems, is susceptible to a race condition due to its interaction with the Dell Client Configuration Utility (DCCU). This vulnerability enables privileged local users to manipulate the activation or deactivation status of the Computrace Agent, reverting it to factory defaults by employing a specially crafted TaskResult.xml file. The potential for unauthorized access to system settings underscores the need for users to apply appropriate security measures.

References

https://www.coresecurity.com/system/files/publications/20...

x_refsource_MISC

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2018
Vulnerability Reserved
May 11, 2018