ID |
CVE-2017-3210
|
Summary |
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:portrait:portrait_display_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:portrait:portrait_display_sdk:*:*:*:*:*:*:*:*
-
cpe:2.3:a:fujitsu:displayview_click:6.0:*:*:*:*:*:*:*
cpe:2.3:a:fujitsu:displayview_click:6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:fujitsu:displayview_click:6.01:*:*:*:*:*:*:*
cpe:2.3:a:fujitsu:displayview_click:6.01:*:*:*:*:*:*:*
-
cpe:2.3:a:fujitsu:displayview_click_suite:5.0:*:*:*:*:*:*:*
cpe:2.3:a:fujitsu:displayview_click_suite:5.0:*:*:*:*:*:*:*
-
cpe:2.3:a:hp:display_assistant:2.1:*:*:*:*:*:*:*
cpe:2.3:a:hp:display_assistant:2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:hp:my_display:2.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:my_display:2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:philips:smart_control_premium:2.23:*:*:*:*:*:*:*
cpe:2.3:a:philips:smart_control_premium:2.23:*:*:*:*:*:*:*
-
cpe:2.3:a:philips:smart_control_premium:2.25:*:*:*:*:*:*:*
cpe:2.3:a:philips:smart_control_premium:2.25:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.2 (as of 09-10-2019 - 23:27) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-16 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 98006 | cert-vn | VU#219739 |
|
Last major update |
09-10-2019 - 23:27 |
Published |
24-07-2018 - 15:29 |
Last modified |
09-10-2019 - 23:27 |