Remote Code Execution on Most Dell Computers

Remote Code Execution on Most Dell Computers

On start, Dell SupportAssist starts a web server (System.Net.HttpListener) on either port 8884, 8883, 8886, or port 8885. On a request, the ListenerCallback located in HttpListenerServiceFacade calls the base web server function, starts by doing integrity checks for example making sure the request came from the local machine and various other checks. The above code loops through every file, and checks if the file URL we provided doesn’t start with http:// (if it does, replace it with https://), and checks if the URL matches a list of Dell’s download servers (not all subdomains):

This is enough information we need to start writing an exploit.

Source: d4stiny.github.io