Applications developed using the Portrait Displays software development kit (SDK), versions 2.30 through 2.34, contain a critical vulnerability. A local attacker could exploit this vulnerability to take control of an affected system.
The affected applications, pre-installed on some Fujitsu, HP, and Philips devices, are:
- Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
- Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
- HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
- HP My Display: Version 2.0. The issue was fixed in Version 2.1.
- Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
US-CERT recommends users and administrators review Vulnerability Note VU#219739 for additional information and refer to their device vendors for appropriate patches. Portrait Displays has released a patch for its SDK software.