Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fujitsu | displayview_click_suite | 5.0 |
| fujitsu | displayview_click | 6.0 |
| philips | smart_control_premium | 2.25 |
| hp | display_assistant | 2.1 |
| philips | smart_control_premium | 2.23 |
| fujitsu | displayview_click | 6.01 |
| portrait | portrait_display_sdk | * |
| hp | my_display | 2.0 |
The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portrait | dell_color_management | * |
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portrait | dell_color_management | * |