CVE-2023-6235 – Arbitrary code execution in Duet Display

https://notcve.org/view.php?id=CVE-2023-6235

21 Nov 2023 — An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code. Se ha encontrado una vulnerabilidad de elemento de ruta de búsqueda no controlada en el producto Duet Display, que afecta a la versión 2.5.9.1. Un atacante podría colocar un archivo libusk.dll arbitra... • https://www.incibe.es/en/incibe-cert/notices/aviso/arbitrary-code-execution-duet-display • CWE-427: Uncontrolled Search Path Element •