cnvd-2017-06896
Vulnerability from cnvd
Title: Dolby DAX2和DAX3提权漏洞
Description:
Dolby DAX2和DAX3是Dolby Laboratories为众多供应商开发的行业标准软件程序。
Dolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4版本和DAX3 1.0和1.1版本API服务存在提权漏洞。该漏洞产生的原因是这些服务具有DCOM的.NET代码。攻击者可以利用该漏洞获得任意系统权限。
Severity: 高
Patch Name: Dolby DAX2和DAX3提权漏洞的补丁
Patch Description:
Dolby DAX2和DAX3是Dolby Laboratories为众多供应商开发的行业标准软件程序。
Dolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4版本和DAX3 1.0和1.1版本 API服务存在提权漏洞。该漏洞产生的原因是这些服务具有DCOM的.NET代码。攻击者可以利用该漏洞获得任意系统权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075
Reference: https://www.exploit-db.com/exploits/41933/ https://nvd.nist.gov/vuln/detail/CVE-2017-7293
Impacted products
Name | ['Dolby DAX2 1.0', 'Dolby DAX2 1.0.1', 'Dolby DAX2 1.1', 'Dolby DAX2 1.1.1', 'Dolby DAX2 1.2', 'Dolby DAX2 1.3', 'Dolby DAX2 1.3.1', 'Dolby DAX2 1.3.2', 'Dolby DAX2 1.4', 'Dolby DAX2 1.4.1', 'Dolby DAX2 1.4.2', 'Dolby DAX2 1.4.3', 'Dolby DAX3 1.0', 'Dolby DAX3 1.1'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2017-7293", "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7293" } }, "description": "Dolby DAX2\u548cDAX3\u662fDolby Laboratories\u4e3a\u4f17\u591a\u4f9b\u5e94\u5546\u5f00\u53d1\u7684\u884c\u4e1a\u6807\u51c6\u8f6f\u4ef6\u7a0b\u5e8f\u3002\r\n\r\nDolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4\u7248\u672c\u548cDAX3 1.0\u548c1.1\u7248\u672cAPI\u670d\u52a1\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662f\u8fd9\u4e9b\u670d\u52a1\u5177\u6709DCOM\u7684.NET\u4ee3\u7801\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4efb\u610f\u7cfb\u7edf\u6743\u9650\u3002", "discovererName": "Google Security Research", "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1075", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2017-06896", "openTime": "2017-05-18", "patchDescription": "Dolby DAX2\u548cDAX3\u662fDolby Laboratories\u4e3a\u4f17\u591a\u4f9b\u5e94\u5546\u5f00\u53d1\u7684\u884c\u4e1a\u6807\u51c6\u8f6f\u4ef6\u7a0b\u5e8f\u3002\r\n\r\nDolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4\u7248\u672c\u548cDAX3 1.0\u548c1.1\u7248\u672c API\u670d\u52a1\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662f\u8fd9\u4e9b\u670d\u52a1\u5177\u6709DCOM\u7684.NET\u4ee3\u7801\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4efb\u610f\u7cfb\u7edf\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Dolby DAX2\u548cDAX3\u63d0\u6743\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "Dolby DAX2 1.0", "Dolby DAX2 1.0.1", "Dolby DAX2 1.1", "Dolby DAX2 1.1.1", "Dolby DAX2 1.2", "Dolby DAX2 1.3", "Dolby DAX2 1.3.1", "Dolby DAX2 1.3.2", "Dolby DAX2 1.4", "Dolby DAX2 1.4.1", "Dolby DAX2 1.4.2", "Dolby DAX2 1.4.3", "Dolby DAX3 1.0", "Dolby DAX3 1.1" ] }, "referenceLink": "https://www.exploit-db.com/exploits/41933/\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7293", "serverity": "\u9ad8", "submitTime": "2017-04-27", "title": "Dolby DAX2\u548cDAX3\u63d0\u6743\u6f0f\u6d1e" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…