This technical advisory provides an excellent overview of that bug as well as operational details of DSA. Of note, a similar bug in DSA (CVE-2019-11114) was previously discovered by Rich Warren of the NCC Group. An unprivileged user can change the folder location, coerce a privileged file copy operation to a “protected” directory through a reparse point, and deliver a payload such as a DLL loading technique to execute unintended code. This includes the ability to configure the folder location for downloads and data (e.g. An unprivileged user has nominal control over configuration settings within the web-based interface. DSA version 20.8.30.6 (and likely prior) is vulnerable to a local privilege escalation reparse point bug. Intel Driver & Support Assistant (DSA) is a driver and software update utility for Intel components.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |