Multiple versions of Dell Hybrid Client 1.8 and below are affected by a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. Dell has released updates to address this issue. The advisory details follow. Preamble: We would like to remind our readers that the purpose of these articles is to increase awareness and help individuals in determining the risk of running untested software on their networks. The software mentioned in this article could be exploited by attackers to carry out a man-in REDkit Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
Details
A vulnerability in the UI of Dell Hybrid Client 1.8 and below may allow a guest privilege attacker to exploit this issue, leading to system files modification. Exploitation of this issue could be achieved by opening a web link or email attachment that contains malicious content. The impact could vary depending on multiple factors including, but not limited to, whether the session is already logged on the system, the privileges of the user account, and whether any antivirus software is installed.
Dell Hybrid Client
1.8 and below are affected by a Zip Bomb Vulnerability in UI
A vulnerability has been discovered in the downloadable version of Dell Hybrid Client 1.8 and below, which could be exploited by attackers, giving them access to system files. Dell has released updates to address this issue. The advisory details follow.
Timeline
Published on: 10/11/2022 17:15:00 UTC
Last modified on: 10/13/2022 16:53:00 UTC