Pre-Installed Applications Developed with Portrait Displays SDK Contain Critical Vulnerability

Applications developed using the Portrait Displays software development kit (SDK), versions 2.30 through 2.34, contain a critical vulnerability. A local attacker could exploit this vulnerability to take control of an affected system.

The affected applications, pre-installed on some Fujitsu, HP, and Philips devices, are:

• Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
• Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
• HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
• HP My Display: Version 2.0. The issue was fixed in Version 2.1.
• Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

US-CERT recommends users and administrators review Vulnerability Note VU#219739 for additional information and refer to their device vendors for appropriate patches. Portrait Displays has released a patch for its SDK software.