Vulnerabilities > CVE-2023-6235 - Unspecified vulnerability in Duetdisplay Duet Display 2.5.9.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

duetdisplay

NVD

Published: 2023-11-21

Updated: 2024-11-21

Summary

An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Duetdisplay Duetdisplay Duet Display 2.5.9.1	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/arbitrary-code-execution-duet-display
https://www.incibe.es/en/incibe-cert/notices/aviso/arbitrary-code-execution-duet-display