CVE-2019-3745— Dell Encryption Enterprise和Dell Endpoint Security Suite Enterprise 代码问题漏洞

N/A

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

N/A

对搜索路径元素未加控制

Dell Encryption Enterprise和Dell Endpoint Security Suite Enterprise 代码问题漏洞

Dell Encryption Enterprise是美国戴尔（Dell）公司的一套数据保护解决方案。该产品包括合规性管理、身份验证、磁盘数据加密和端口加密等功能。 Dell Encryption Enterprise 10.4.0之前版本中和Dell Endpoint Security Suite Enterprise prior 2.4.0之前版本存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

N/A

N/A