Security Experts:

Connect with us

Hi, what are you looking for?



Pre-Installed Software Flaws Expose Dell Systems to Code Execution

Flaws in pre-installed software expose Dell systems to attacks that could result in the disabling of security mechanisms, privilege escalation, and arbitrary code execution within the context of the application user.

Flaws in pre-installed software expose Dell systems to attacks that could result in the disabling of security mechanisms, privilege escalation, and arbitrary code execution within the context of the application user.

The vulnerable applications include the Dell Precision Optimizer application service software and Invincea-X and Invincea Dell Protected Workspace, Cisco Talos reveals in an advisory.

Tracked as CVE-2016-9038, the first vulnerability impacting Invincea-X, Dell Protected Workspace 6.1.3-24058, as a result of a device driver being read/write accessible to everyone, which can be triggered by sending specially crafted data to it.

“A successful exploitation results in an arbitrary value written to kernel memory space, which can lead to local privilege escalation,” Cisco explains.

Cisco also warns of CVE-2016-8732, an issue that involves multiple security flaws in the driver component of Invincea Dell Protected Workspace version 5.1.1-22303, a security solution for endpoints.

Weak restrictions on the driver communications channel and insufficient validation allow an attacker-controlled application executed on the vulnerable machine to leverage the driver and disable some of the protection mechanisms in the software. The bug was addressed in the 6.3.0 release of the application.

Tracked as CVE-2017-2802, a third bug impacts the Dell Precision Optimizer application and could lead to execution of arbitrary code. The issue impacts Dell Precision Tower 5810 with nVidia graphic cards, PPO Policy Processing Engine, and ati.dll (PPR Monitoring Plugin)

When the Dell PPO Service supplied by Dell Precision Optimizer starts, poaService.exe (located in “c:Program FilesDellPPO” loads the ati.dll from the same folder. The DLL, in turn, attempts to load atiadlxx.dll, which is not present by default in the directory, and the application searches “for an appropriately named DLL in the directories specified by the PATH environment variable.”

As soon as it finds a DLL with the same name, the app loads it into poaService.exe without checking its signature. Thus, an attacker could supply a malicious DLL of the correct name and achieve arbitrary code execution, Cisco explains.

According to Dell, there have been no known exploitations of this vulnerability reported to-date.

“Given that the Invincea Dell Protected Workspace is an application that is commonly deployed to secure workstations within high security environments, it is recommended that organizations using affected versions of this solution update to the latest version as quickly as possible to ensure that the protections provided by this software cannot be bypassed by an attacker,” Cisco notes. 

“The vulnerability identified by Cisco Talos in the Dell Precision Optimizer application has been mitigated through a Dell Command update, which can be found here,” a Dell spokesperson told SecurityWeek in an emailed statement. “Dell would like to thank those in the security community, such as Cisco Talos, whose efforts help us protect customers through coordinated vulnerability disclosure.”

*Updated with additional information from Dell

Related: Hackers Can Hijack Dell Email Security Appliances

Related: Dell Adds BIOS Verification Technology to Business PCs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.