脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution
脆弱性説明
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
CVSS情報
N/A
脆弱性タイプ
缺省权限不正确
脆弱性タイトル
Portrait Displays SDK 配置错误漏洞
脆弱性説明
Portrait Displays是一个可扩展的平台支持所有显示技术和显示器的嵌入式控制平台。Portrait Displays SDK是一个适用于Portrait Displays的标准开发工具包。 Portrait Display SDK 2.30版本至2.34版本中存在配置错误漏洞。本地攻击者可利用该漏洞以提升的系统权限执行任意代码。
CVSS情報
N/A
脆弱性タイプ
N/A