https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/ When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, I’ll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to “proactively check the health of your system’s hardware and software” and which is “preinstalled on most of all new Dell devices”. [...] # Exploitation The first issue we face is making requests to the SupportAssist client. Assume we are in the context of a Dell subdomain, we’ll get into how exactly we do this further in this section. I decided to mimic the browser and make requests using javascript. [...] # Demo Here’s a small demo video showcasing the vulnerability. You can download the source code of the proof of concept here. https://invidio.us/watch?v=0cTfnZ04jgQ https://github.com/D4stiny/Dell-Support-Assist-RCE-PoC # Timeline 10/26/2018 - Initial write up sent to Dell. 10/29/2018 - Initial response from Dell. 11/22/2018 - Dell has confirmed the vulnerability. 11/29/2018 - Dell scheduled a “tentative” fix to be released in Q1 2019. 01/28/2019 - Disclosure date extended to March. 03/13/2019 - Dell is still fixing the vulnerability and has scheduled disclosure for the end of April. 04/18/2019 - Vulnerability disclosed as an advisory. Written on April 30, 2019