Security experts from Cisco Talos have discovered a couple of vulnerabilities in Dell Precision software which allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.
Tracked as CVE-2016-9038, the first vulnerability impacting Invincea-X, Dell Protected Workspace 6.1.3-24058, because of a device driver being read/write accessible to everyone, which can be triggered by sending specially crafted data to it.
Cisco also warns of CVE-2016-8732, an issue that involves multiple security flaws in the driver component of Invincea Dell Protected Workspace version 5.1.1-22303, a security solution for endpoints.
Tracked as CVE-2017-2802, a third bug impacts the Dell Precision Optimizer application and could lead to execution of arbitrary code. The issue impacts Dell Precision Tower 5810 with nVidia graphic cards, PPO Policy Processing Engine 188.8.131.52, and ati.dll (PPR Monitoring Plugin) 184.108.40.206.
Dell users are recommended to upgrade the Dell pre-installed software immediately to prevent any major attacks.