Dell BIOSConnect stack-based overflow [CVE-2021-21573]

Overview :
A vulnerability classified as critical was found in Dell BIOSConnect (affected version unknown). Affected by this vulnerability is some unknown processing. Upgrading eliminates this vulnerability.
Affected Product(s) :
  • Alienware m15 R6, Inspiron, OptiPlex, Latitude, Vostro, XPS – version 3

Vulnerability Details :
CVE ID : CVE-2021-21573
Dell BIOSConnect feature contains a buffer overflow vulnerability.

An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Solution :
Dell recommends all customers update to the latest Dell Client BIOS version at the earliest opportunity. Customers who choose not to apply BIOS updates immediately, or who are otherwise unable to do so now, should apply the mitigation below.

Common Vulnerabilities and Exposures

Internet Download Manager 6.37.11.1 Export/Import stack-based overflow

A vulnerability, which was classified as critical, was found in Internet Download Manager 6.37.11.1. This affects an unknown code block of the component Export/Import. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Passcovery ZIP Password Recovery 3.70.69.0 Decompression buffer overflow

A vulnerability classified as critical was found in Passcovery ZIP Password Recovery 3.70.69.0. Affected by this vulnerability is an unknown part of the component Decompression. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Portable Playable 9.18 JPEG File filename unrestricted upload

A vulnerability, which was classified as critical, has been found in Portable Playable 9.18. Affected by this issue is an unknown code of the component JPEG File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.