Portrait Displays Releases Patch for its SDK

Portrait Displays released a patch to address a critical "Incorrect Default Permissions" vulnerability, CWE-276, in applications created using the Portrait Displays software development kit (SDK) versions 2.30 to 2.34. If exploited successfully, a local authenticated, non-privileged hacker can run arbitrary code with elevated SYSTEM privileges. The vulnerability affects the following applications: Fujitsu DisplayView Click versions 6.0 and 6.01, Fujitsu DisplayView Click Suite version 5, HP Display Assistant version 2.1, HP My Display version 2.0, and Philips Smart Control Premium versions 2.23 and 2.25. The NJCCIC recommends all users and administrators review Portrait Displays’ Security Update, US-CERT’s Vulnerability Note VU#219739, and download and install the software patch or apply the workaround if patching is unavailable.