ASA-2019-00373 – PC-Doctor Toolbox: Uncontrolled Search Path Element

Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior to version 7.3 allows local users to gain privileges and conduct DLL hijacking attacks via a trojan horse DLL located in an unsecured directory which has been added to the PATH environment variable.

ASA-2019-00372 – Dell SupportAssist: Improper Privilege Management Vulnerability

Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs has been updated to address a vulnerability, which may be potentially exploited to compromise the system. Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.