PT-2018-7257 · Hewlett Packard+3 · Hp Display Assistant+5

Published: 2018-07-24 · Updated: 2019-10-09 · CVE-2017-3210

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Fujitsu DisplayView Click versions 6.0 through 6.01
Fujitsu DisplayView Click Suite version 5
HP Display Assistant version 2.1
HP My Display version 2.0
Philips Smart Control Premium versions 2.23 through 2.25
Portrait Display SDK versions 2.30 through 2.34

Description: Applications built with the Portrait Display SDK default to an insecure configuration that allows arbitrary code execution. Specifically, the component pdiservice.exe runs with NT AUTHORITY\SYSTEM permissions and is readable and writable by all Authenticated Users, so a local authenticated attacker can execute arbitrary code with SYSTEM privileges.

Recommendations:
For Fujitsu DisplayView Click versions 6.0 and 6.01, update to Version 6.3 to resolve the issue.
For Fujitsu DisplayView Click Suite version 5, apply the patch in Version 5.9 to address the issue.
For HP Display Assistant version 2.1, update to Version 2.11 to fix the issue.
For HP My Display version 2.0, update to Version 2.1 to resolve the issue.
For Philips Smart Control Premium versions 2.23 and 2.25, update to Version 2.26 to fix the issue.
For Portrait Display SDK versions 2.30 through 2.34, consider disabling the pdiservice.exe component until a secure configuration or update is available.
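
The permission problem in the description can be verified from `icacls` output for the service binary by looking for write-capable rights granted to broad groups. This is an added example, not part of the advisory or any vendor's code; the install path, the sample ACL listings and the function name `risky_aces` are constructed for illustration.

```python
import re

# Principals that cover any ordinary logged-on user.
BROAD = {"nt authority\\authenticated users", "builtin\\users",
         "everyone", "nt authority\\interactive"}
# icacls right tokens that let the holder modify or replace the file.
WRITE = {"F", "M", "W", "WD", "AD", "WDAC", "WO", "GW", "GA"}
# Tokens that describe inheritance rather than access.
INHERIT = {"I", "OI", "CI", "IO", "NP"}

def risky_aces(icacls_output, path):
    """Return (principal, write_rights) for allow ACEs held by broad groups."""
    findings = []
    for line in icacls_output.splitlines():
        if line.startswith(path):          # first line is prefixed with the path
            line = line[len(path):]
        principal, sep, tail = line.strip().rpartition(":(")
        if not sep:
            continue                       # blank line or summary line
        groups = re.findall(r"\(([^)]*)\)", "(" + tail)
        if "DENY" in groups or "IO" in groups:
            continue                       # deny ACE, or inherit-only ACE
        rights = {r.strip() for g in groups if g not in INHERIT
                  for r in g.split(",")}
        hit = sorted(rights & WRITE)
        if principal.lower() in BROAD and hit:
            findings.append((principal, hit))
    return findings

# Constructed sample data: placeholder path and ACLs, not taken from the advisory.
PATH = r"C:\ExampleDir\pdiservice.exe"
INSECURE = r"""C:\ExampleDir\pdiservice.exe NT AUTHORITY\Authenticated Users:(I)(M)
                             NT AUTHORITY\SYSTEM:(I)(F)
                             BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files"""
HARDENED = r"""C:\ExampleDir\pdiservice.exe NT AUTHORITY\Authenticated Users:(RX)
                             NT AUTHORITY\SYSTEM:(F)
                             BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for label, text in (("insecure", INSECURE), ("hardened", HARDENED)):
        print(label, risky_aces(text, PATH))
```

On a real host, feed the function the text produced by running `icacls` against the installed pdiservice.exe; any non-empty result means an unprivileged account can alter a binary that runs as SYSTEM.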

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2017-3210

Affected Products

Fujitsu Displayview Click
Fujitsu Displayview Click Suite
Hp Display Assistant
Hp My Display
Philips Smart Control Premium
Portrait Display Sdk