CVE-2024-42051

CVSS 7.8 HIGHEPSS 0.2%CWE-1391

The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.

CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/3.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/20716875636763-Splashtop-Streamer-version-v3-6-2-0-for-Windows-released