CVE-2024-42052

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 28, 2024
Updated: Jul 29, 2024

Summary

CVE-2024-42052 is a vulnerability affecting the MSI installer for Splashtop Streamer for Windows. Prior to version 3.5.8.0, the installer creates a temporary folder with insufficient permissions during installation. An attacker with local access can take advantage of this weakness by inserting a wevtutil.exe file into the folder, thereby escalating privileges up to SYSTEM level access. This flaw could potentially allow an attacker to gain deeper system control and potentially compromise the affected system. It is recommended that users update their installer to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share