Arbitrary code execution in Duet Display

Posted date 21/11/2023

Importance

4 - High

Affected Resources

Duet Display for Windows 10+, version 2.5.9.1.

Description

INCIBE has coordinated the publication of one vulnerabilitiy that affects Duet Display 2.5.9.1, a remote desktop application and screen mirroring, which has been discovered by Alexander Huamán Jaimes.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-6235: CVSS v3.1: 7.8 | CVSS: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-427.

Solution

There is no reported solution at this time.

Detail

CVE-2023-6235: an uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.

References list

Duet Display

Etiquetas

0day
CNA
Vulnerability