cnvd-2017-06896
Vulnerability from cnvd
Title
Dolby DAX2和DAX3提权漏洞
Description
Dolby DAX2和DAX3是Dolby Laboratories为众多供应商开发的行业标准软件程序。
Dolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4版本和DAX3 1.0和1.1版本API服务存在提权漏洞。该漏洞产生的原因是这些服务具有DCOM的.NET代码。攻击者可以利用该漏洞获得任意系统权限。
Severity
高
VLAI Severity ?
Patch Name
Dolby DAX2和DAX3提权漏洞的补丁
Patch Description
Dolby DAX2和DAX3是Dolby Laboratories为众多供应商开发的行业标准软件程序。
Dolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4版本和DAX3 1.0和1.1版本 API服务存在提权漏洞。该漏洞产生的原因是这些服务具有DCOM的.NET代码。攻击者可以利用该漏洞获得任意系统权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075
Reference
https://www.exploit-db.com/exploits/41933/
https://nvd.nist.gov/vuln/detail/CVE-2017-7293
Impacted products
| Name | ['Dolby DAX2 1.0', 'Dolby DAX2 1.0.1', 'Dolby DAX2 1.1', 'Dolby DAX2 1.1.1', 'Dolby DAX2 1.2', 'Dolby DAX2 1.3', 'Dolby DAX2 1.3.1', 'Dolby DAX2 1.3.2', 'Dolby DAX2 1.4', 'Dolby DAX2 1.4.1', 'Dolby DAX2 1.4.2', 'Dolby DAX2 1.4.3', 'Dolby DAX3 1.0', 'Dolby DAX3 1.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-7293",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7293"
}
},
"description": "Dolby DAX2\u548cDAX3\u662fDolby Laboratories\u4e3a\u4f17\u591a\u4f9b\u5e94\u5546\u5f00\u53d1\u7684\u884c\u4e1a\u6807\u51c6\u8f6f\u4ef6\u7a0b\u5e8f\u3002\r\n\r\nDolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4\u7248\u672c\u548cDAX3 1.0\u548c1.1\u7248\u672cAPI\u670d\u52a1\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662f\u8fd9\u4e9b\u670d\u52a1\u5177\u6709DCOM\u7684.NET\u4ee3\u7801\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4efb\u610f\u7cfb\u7edf\u6743\u9650\u3002",
"discovererName": "Google Security Research",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1075",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-06896",
"openTime": "2017-05-18",
"patchDescription": "Dolby DAX2\u548cDAX3\u662fDolby Laboratories\u4e3a\u4f17\u591a\u4f9b\u5e94\u5546\u5f00\u53d1\u7684\u884c\u4e1a\u6807\u51c6\u8f6f\u4ef6\u7a0b\u5e8f\u3002\r\n\r\nDolby DAX2 1.0,1.0.1,1.1,1.1.1,1.2,1.3,1.3.1,1.3.2,1.4,1.4.1,1.4.2,1.4.3,1.4.4\u7248\u672c\u548cDAX3 1.0\u548c1.1\u7248\u672c API\u670d\u52a1\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662f\u8fd9\u4e9b\u670d\u52a1\u5177\u6709DCOM\u7684.NET\u4ee3\u7801\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4efb\u610f\u7cfb\u7edf\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Dolby DAX2\u548cDAX3\u63d0\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Dolby DAX2 1.0",
"Dolby DAX2 1.0.1",
"Dolby DAX2 1.1",
"Dolby DAX2 1.1.1",
"Dolby DAX2 1.2",
"Dolby DAX2 1.3",
"Dolby DAX2 1.3.1",
"Dolby DAX2 1.3.2",
"Dolby DAX2 1.4",
"Dolby DAX2 1.4.1",
"Dolby DAX2 1.4.2",
"Dolby DAX2 1.4.3",
"Dolby DAX3 1.0",
"Dolby DAX3 1.1"
]
},
"referenceLink": "https://www.exploit-db.com/exploits/41933/\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7293",
"serverity": "\u9ad8",
"submitTime": "2017-04-27",
"title": "Dolby DAX2\u548cDAX3\u63d0\u6743\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…