Описание
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-44226
- https://www.razer.com/community
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-058.txt
- http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html
- http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html
- http://seclists.org/fulldisclosure/2022/Mar/51
- http://seclists.org/fulldisclosure/2023/Jan/26
- http://seclists.org/fulldisclosure/2023/Sep/6
Связанные уязвимости
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.