CVE-2024-42050
CVSS 3.1 Score 7.0 of 10 (high)
Details
Summary
CVE-2024-42050 is a vulnerability affecting the MSI installer for Splashtop Streamer for Windows prior to version 3.7.0.0. The issue arises from weak permissions on a temporary folder used during installation. An attacker with local access can manipulate this vulnerability by utilizing an oplock on CredProvider_Inst.reg, thereby escalating their privileges to the SYSTEM level. This security hole could potentially allow unauthorized system-level access and compromise the system's integrity. Users are advised to update to the latest version of Splashtop Streamer for Windows to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Streamer