Описание
The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.
Ссылки
- Third Party Advisory
- Release Notes
- Third Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.8.0 (исключая)
cpe:2.3:a:splashtop:streamer:*:*:*:*:-:windows:*:*
EPSS
Процентиль: 9%
0.00033
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-Other
CWE-378
Связанные уязвимости
CVSS3: 7.8
github
больше 1 года назад
The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.
EPSS
Процентиль: 9%
0.00033
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-Other
CWE-378