MidnightBSD

Advisories for dolby

CVE-2017-7293 HIGH

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
dolby dolby_audio_x3 1.1
dolby dolby_audio_x2 1.3
dolby dolby_audio_x2 1.3.2
dolby dolby_audio_x2 1.4.3
dolby dolby_audio_x2 1.1
dolby dolby_audio_x2 1.4.1
dolby dolby_audio_x2 1.0
dolby dolby_audio_x2 1.3.1
dolby dolby_audio_x3 1.0
dolby dolby_audio_x2 1.4.4
dolby dolby_audio_x2 1.1.1
dolby dolby_audio_x2 1.2
dolby dolby_audio_x2 1.0.1
dolby dolby_audio_x2 1.4.2
dolby dolby_audio_x2 1.4
CVE-2021-3146 MEDIUM

The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
dolby audio_x2 *