The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.
References
Configurations
History
21 Nov 2024, 09:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md - Third Party Advisory | |
References | () https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released - Release Notes |
19 Sep 2024, 14:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md - Third Party Advisory | |
References | () https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released - Release Notes | |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:splashtop:streamer:*:*:*:*:-:windows:*:* | |
First Time |
Splashtop streamer
Splashtop |
29 Jul 2024, 14:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Jul 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-28 03:15
Updated : 2024-11-21 09:33
NVD link : CVE-2024-42052
Mitre link : CVE-2024-42052
CVE.ORG link : CVE-2024-42052
JSON object : View
Products Affected
splashtop
- streamer
CWE