CVE-2023-6235

Name of the Vulnerable Software and Affected Versions Duet Display version 2.5.9.1

Description An uncontrolled search path element issue has been found in the Duet Display product. This could allow an attacker to place an arbitrary libusk.dll file in the C:UsersuserAppDataLocalMicrosoftWindowsApps directory, potentially leading to the execution and persistence of arbitrary code.

Recommendations For version 2.5.9.1, consider removing or restricting access to the libusk.dll file in the vulnerable directory until a patch is available. As a temporary workaround, restrict write access to the C:UsersuserAppDataLocalMicrosoftWindowsApps directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.