Vulnerabilities > CVE-2024-42052 - Unspecified vulnerability in Splashtop Streamer 3.3.8.0/3.5.0.0/3.5.6.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
References
- https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md
- https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md
- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released
- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released