Dell Alienware Purchased Apps
Monthly
Arbitrary file write in Dell/Alienware Purchased Apps versions prior to 1.1.32.0 is achievable by a low-privileged local attacker through a link-following (CWE-59) flaw, enabling overwrite of files at elevated privilege levels and resulting in high integrity and availability impact. The CVSS vector (AV:L/AC:H/PR:L) confirms local access with high attack complexity is required, suggesting exploitation likely involves a race condition or carefully staged symlink placement. No active exploitation is confirmed (not in CISA KEV), and a vendor-released patch is available at version 1.1.32.0.
Arbitrary file write in Dell/Alienware Purchased Apps versions prior to 1.1.32.0 is achievable by a low-privileged local attacker through a link-following (CWE-59) flaw, enabling overwrite of files at elevated privilege levels and resulting in high integrity and availability impact. The CVSS vector (AV:L/AC:H/PR:L) confirms local access with high attack complexity is required, suggesting exploitation likely involves a race condition or carefully staged symlink placement. No active exploitation is confirmed (not in CISA KEV), and a vendor-released patch is available at version 1.1.32.0.