Weak Permissions in MSI Installer Can Lead to Escalated Privileges
CVE-2024-42051

7.8HIGH

Key Information:

Vendor: Splashtop
Vendor: CVE Published:; 28 July 2024

What is CVE-2024-42051?

The MSI installer for Splashtop Streamer for Windows, prior to version 3.6.2.0, contains a vulnerability related to inadequate permissions on a temporary folder utilized during installation. This flaw allows a local user to exploit the weakness and escalate privileges to SYSTEM level by substituting the InstRegExp.reg file. Organizations using vulnerable versions should review their installations and apply the latest updates to mitigate this security risk.

References

https://github.com/SpacePlant/Vulns/blob/main/Advisories/...

https://support-splashtopbusiness.splashtop.com/hc/en-us/...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2024
Vulnerability Reserved
Jul 28, 2024