Home › Security Center ›
Intel PSET Application Install wrapper contains an escalation of privilege vulnerability.
Intel ID:  INTEL-SA-00070
Product family:  Various Intel Products (see list of affected products)
Impact of vulnerability Elevation of Privilege
Severity rating Moderate
Original release:  Feb 28, 2017
Last revised:  Feb 28, 2017
Summary: 

Intel PSET Application Install wrapper contains an escalation of privilege vulnerability.

 
Description: 

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 which allows an attacker to launch a process with escalated privileges.

CVSS v3 Base Score: 6.3 Medium

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

 
Affected products: 

Product

Use Version

Intel Parallel Studio XE

Before 2017 Update 2

Intel System Studio, Intel VTune Amplifier

Before 2017 Update 2

Intel Inspector

Before 2017 Update 2

Intel Advisor

Before 2017 Update 2

Intel MPI Library

Before 2017 Update 2

Intel Trace Analyzer and Collector

Before 2017 Update 2

Intel Integrated Performance Primitives

Before 2017 Update 2

Cryptography for Intel Integrated Performance Primitives

Before 2017 Update 2

Intel Math Kernel Library

Before 2017 Update 2

Intel Data Analytics Acceleration Library

Before 2017 Update 2

Intel Threading Building Blocks

Before 2017 Update 2

 
Recommendations: 

Intel recommends that users of the listed products update to 2017 Update 2.  If the software is registered users will receive update notifications via their registered email addresses.  If the software is not registered please the Intel Developer Zone support page (https://software.intel.com/en-us/support) and select the appropriate product.

 
Revision history: 
Revision
Date
Description
1.0
28-February-2017
Initial Release
 
CVE Name: 
CVE-2017-5682

Disclaimer:

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.

© 2006, Intel Corporation