Portrait Display SDK PdiService Insecure Privileges Local Privilege Escalation

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The Portrait Displays SDK Service (PdiService) running on the remote
Windows host is affected by a privilege escalation vulnerability.

Description :

The Portrait Displays SDK Service (PdiService) running on the remote
Windows host is affected by a privilege escalation vulnerability due
to insecurely configured permissions. The service is writable to all
authenticated users on the system while running with AUTHORITY/SYSTEM
privileges. A local attacker can exploit this to run arbitrary code
with SYSTEM privileges.

See also :

http://www.nessus.org/u?17cb896e
http://seclists.org/fulldisclosure/2017/Apr/104
http://www.portrait.com/securityupdate.html
http://www.kb.cert.org/vuls/id/219739

Solution :

Apply the vendor-supplied patch. Alternatively, use the following
command to remove read/write permissions from 'Authenticated Users' :

sc sdset pdiservice D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 99727 ()

Bugtraq ID: 98006

CVE ID: CVE-2017-3210

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now