ID CVE-2017-3210
Summary Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected:
  • Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
  • Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
  • HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
  • HP My Display: Version 2.0. The issue was fixed in Version 2.1.
  • Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
References
Vulnerable Configurations
  • cpe:2.3:a:portrait:portrait_display_sdk:*:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:displayview_click:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:displayview_click:6.01:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:displayview_click_suite:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:display_assistant:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:my_display:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:philips:smart_control_premium:2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:philips:smart_control_premium:2.25:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 09-10-2019 - 23:27)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 98006
cert-vn VU#219739
Last major update 09-10-2019 - 23:27
Published 24-07-2018 - 15:29
Last modified 09-10-2019 - 23:27