Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Published: 2018-07-24
Updated: 2024-11-21
Summary
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | PORTRAIT_DISPLAY_SDK_CVE-2017-3210.NASL |
description | The Portrait Displays SDK Service (PdiService) running on the remote Windows host is affected by a privilege escalation vulnerability due to insecurely configured permissions. The service is writable to all authenticated users on the system while running with AUTHORITY/SYSTEM privileges. A local attacker can exploit this to run arbitrary code with SYSTEM privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 99727 |
published | 2017-04-28 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/99727 |
title | Portrait Display SDK PdiService Insecure Privileges Local Privilege Escalation |