CVE-2024-42050

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Jul 28, 2024
Updated: Aug 1, 2024
CWE ID 269

Summary

CVE-2024-42050 is a vulnerability affecting the MSI installer for Splashtop Streamer for Windows prior to version 3.7.0.0. The issue arises from weak permissions on a temporary folder used during installation. An attacker with local access can manipulate this vulnerability by utilizing an oplock on CredProvider_Inst.reg, thereby escalating their privileges to the SYSTEM level. This security hole could potentially allow unauthorized system-level access and compromise the system's integrity. Users are advised to update to the latest version of Splashtop Streamer for Windows to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share