CVE-2018-11072

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Digital Delivery
Vendor: CVE Published:; 2 October 2018

Summary

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Affected Version(s)

Dell Digital Delivery Versions prior to 3.5.1

References

https://www.dell.com/support/article/us/en/04/sln313559/d...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2018
Vulnerability Reserved
May 14, 2018