Arbitrary code execution in Duet Display

Posted date
4 - High
Affected Resources

Duet Display for Windows 10+, version


INCIBE has coordinated the publication of one vulnerability affecting Duet Display, a remote desktop and screen mirroring application, which was discovered by Alexander Huamán Jaimes.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-6235: CVSS v3.1: 7.8 | CVSS: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-427.

There is no reported solution at this time.

  • CVE-2023-6235: an uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.
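With no fix available, a host can at least be audited for the condition described above. The following PowerShell is an added example, not part of the advisory or of the vendor's tooling: it checks every local profile for a libusk.dll in the per-user WindowsApps directory and reports its hash, timestamps, owner and Authenticode status for review. The profile root (`%SystemDrive%\Users`) and the function name `Find-PlantedDll` are assumptions made for this example.

```powershell
# Added example: audit local profiles for the DLL named in CVE-2023-6235.
# Run elevated so that other users' profile directories are readable.
$dllName     = 'libusk.dll'                          # file name from the advisory
$relPath     = 'AppData\Local\Microsoft\WindowsApps' # directory from the advisory
$profileRoot = Join-Path $env:SystemDrive 'Users'    # assumption: default profile root

function Find-PlantedDll {
    param([string]$Root, [string]$RelativeDir, [string]$Name)

    # Walk each profile directory and test for the DLL at the advisory's path.
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $candidate = Join-Path (Join-Path $_.FullName $RelativeDir) $Name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $file = Get-Item -LiteralPath $candidate -Force
            $sig  = Get-AuthenticodeSignature -LiteralPath $candidate
            # Emit one record per hit with the facts needed for triage.
            [pscustomobject]@{
                Profile   = $_.Name
                Path      = $candidate
                Created   = $file.CreationTimeUtc
                Modified  = $file.LastWriteTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Owner     = (Get-Acl -LiteralPath $candidate).Owner
            }
        }
    }
}

$hits = @(Find-PlantedDll -Root $profileRoot -RelativeDir $relPath -Name $dllName)
if ($hits.Count -eq 0) {
    Write-Output "No $dllName found under $profileRoot\*\$relPath"
} else {
    # Any hit should be reviewed: check signer, hash and creation time
    # against the host's software inventory and logon history.
    $hits | Format-List
}
```

The script only reads and reports; it does not remove or quarantine anything it finds.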