Pre-Installed Applications Developed with Portrait Displays SDK Contain Critical Vulnerability

Last Revised

Applications developed using the Portrait Displays software development kit (SDK), versions 2.30 through 2.34, contain a critical vulnerability. A local attacker could exploit this vulnerability to take control of an affected system.

The affected applications, pre-installed on some Fujitsu, HP, and Philips devices, are:

  • Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
  • Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
  • HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
  • HP My Display: Version 2.0. The issue was fixed in Version 2.1.
  • Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

US-CERT recommends users and administrators review Vulnerability Note VU#219739 for additional information and refer to their device vendors for appropriate patches. Portrait Displays has released a patch for its SDK software.

This product is provided subject to this Notification and this Privacy & Use policy.