Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000145430

DSA-2019-096: Dell/Alienware Digital Delivery Security Update for Privilege Escalation Vulnerabilities

Summary: Dell Digital Delivery and Alienware Digital Delivery have been updated to address two vulnerabilities which may be potentially exploited to cause a privilege escalation with the ability for a non-privileged user to run an executable as SYSTEM. ...

Article Content

Impact

High

Details

  • Privilege escalation vulnerability (CVE-2019-3742)

    Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Privilege escalation vulnerability (CVE-2019-3744)

    Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Privilege escalation vulnerability (CVE-2019-3742)

    Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Privilege escalation vulnerability (CVE-2019-3744)

    Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

    CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:
Dell Digital Delivery versions prior to 3.5.2013
Dell Digital Delivery versions prior to 4.0.41 (Microsoft Store)
Alienware Digital Delivery versions prior to 3.5.2013
Alienware Digital Delivery versions prior to 4.0.41 (Microsoft Store)

Resolution:

The following Dell/Alienware Digital Delivery releases contain a resolution to these vulnerabilities:

  • Dell Digital Delivery versions 3.5.2013 and later
  • Dell Digital Delivery versions 4.0.41 and later
  • Alienware Digital Delivery versions 3.5.2013 and later
  • Alienware Digital Delivery versions 4.0.41 and later
Dell recommends all customers upgrade at the earliest opportunity.

Please visit the Dell Support Drivers and Downloads site for updates on the applicable products.

 

Affected products:
Dell Digital Delivery versions prior to 3.5.2013
Dell Digital Delivery versions prior to 4.0.41 (Microsoft Store)
Alienware Digital Delivery versions prior to 3.5.2013
Alienware Digital Delivery versions prior to 4.0.41 (Microsoft Store)

Resolution:

The following Dell/Alienware Digital Delivery releases contain a resolution to these vulnerabilities:

  • Dell Digital Delivery versions 3.5.2013 and later
  • Dell Digital Delivery versions 4.0.41 and later
  • Alienware Digital Delivery versions 3.5.2013 and later
  • Alienware Digital Delivery versions 4.0.41 and later
Dell recommends all customers upgrade at the earliest opportunity.

Please visit the Dell Support Drivers and Downloads site for updates on the applicable products.

 

Acknowledgements

Dell would like to thank Alexander Bolshev, Security Consultant, IOActive and Enrique Nissim, Senior Security Consultant, IOActive for reporting these vulnerabilities.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Alienware

Last Published Date

21 Feb 2021

Article Type

Dell Security Advisory

Back to Top