The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs.
Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers.
The flaw, an uncontrolled search path vulnerability that is being tracked as CVE-2020-5316, could allow a locally authenticated user with low privileges to “cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code,” Dell wrote in its explanation of the bug.
The latest bug—discovered by CyberArk security researcher Eran Shimony, who notified Dell–affects both business and home users of Dell systems. The vulnerability exists in Dell SupportAssist for business PCs version 2.1.3 or older and home PCs version 3.4 or older, according to Dell.
For More Details :
https://threatpost.com/dell-patches-supportassist-flaw-that-allows-arbitrary-code-execution/152771/
