Headline
CVE-2023-6235: Arbitrary code execution in Duet Display
An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.
Affected Resources
Duet Display for Windows 10+, version 2.5.9.1.
Description
INCIBE has coordinated the publication of one vulnerability that affects Duet Display 2.5.9.1, a remote desktop and screen mirroring application, which was discovered by Alexander Huamán Jaimes.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-6235: CVSS v3.1: 7.8 | CVSS: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-427.
Solution
There is no reported solution at this time.
Detail
- CVE-2023-6235: an uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.
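With no fix reported, a host can be checked for the file named above. The PowerShell below is an added example, not part of the INCIBE notice or of Duet Display's tooling: it looks for libusk.dll in the WindowsApps directory of every local profile and reports its timestamps, owner, signature status and hash for review. It assumes an elevated session so that other users' profiles are readable, and the choice of the ProfileList registry key to enumerate profiles is this example's own.

```powershell
# Added example: look for libusk.dll in each local profile's WindowsApps directory.
# The file name and directory come from the advisory; the rest is an assumption of this example.
$dllName = 'libusk.dll'
$relPath = 'AppData\Local\Microsoft\WindowsApps'

# Profile roots registered on this host (also covers profiles stored outside C:\Users).
$profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profiles = Get-ChildItem -Path $profileKey |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ProfileImagePath } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($root in $profiles) {
    $dir       = Join-Path -Path $root -ChildPath $relPath
    $candidate = Join-Path -Path $dir -ChildPath $dllName
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $file = Get-Item -LiteralPath $candidate -Force
        $sig  = Get-AuthenticodeSignature -LiteralPath $candidate
        [pscustomobject]@{
            Path      = $file.FullName
            Created   = $file.CreationTimeUtc
            Modified  = $file.LastWriteTimeUtc
            Owner     = (Get-Acl -LiteralPath $candidate).Owner
            Signature = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256    = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        }
    }
}

if ($findings) {
    # Any hit should be reviewed: the advisory names this exact path as the planting location.
    $findings | Format-List
} else {
    Write-Output "No $dllName found in any profile's WindowsApps directory."
}
```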