Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution
Vulnerability Description
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Portrait Displays SDK 配置错误漏洞
Vulnerability Description
Portrait Displays是一个可扩展的平台支持所有显示技术和显示器的嵌入式控制平台。Portrait Displays SDK是一个适用于Portrait Displays的标准开发工具包。 Portrait Display SDK 2.30版本至2.34版本中存在配置错误漏洞。本地攻击者可利用该漏洞以提升的系统权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A