In this article we will focus on PC-Doctor’s components in order to describe the vulnerability and then exploit the vulnerability to get low-level access (e.g.
The company develops hardware-diagnostic software. The components which allow SupportAssist to access sensitive low-level hardware (such as physical memory, PCI and SMBios) was written by the PC-Doctor company. These exploits include a Proof-of-Concept of how to read physical memory using Dell’s Microsoft-signed driver (which is part of the SupportAssist software). In this post, we will demonstrate how to exploit this vulnerability in order to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence.Īdditionally, we will present some of the potential malicious actions that could be undertaken by exploiting the vulnerability in the SupportAssist software. UPDATE: After SafeBreach Labs sent the details to Dell, we discovered that this vulnerability affects additional OEMs which use a rebranded version of the PC-Doctor Toolbox for Windows software components. In the following article we will present a new vulnerability in PC-Doctor’s Dell Hardware Support Service software discovered by SafeBreach Labs.
0 kommentar(er)
