CVE-2017-7293

high-risk

Published 2017-04-26

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50.

Do I need to act?

2.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

41933

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (15)

Dolby Audio X2

Dolby Audio X3

Affected Vendors

Dolby

References (4)

Issue Tracking https://bugs.chromium.org/p/project-zero/issues/detail?id=1075

Exploit https://www.exploit-db.com/exploits/41933/

Issue Tracking https://bugs.chromium.org/p/project-zero/issues/detail?id=1075

Exploit https://www.exploit-db.com/exploits/41933/

/ 100

high-risk

Severity 24/34 · High

Exploitability 12/34 · Low

Exposure 18/34 · Moderate