CVE-2024-42052
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-42052 is a vulnerability affecting the MSI installer for Splashtop Streamer for Windows. Prior to version 3.5.8.0, the installer creates a temporary folder with insufficient permissions during installation. An attacker with local access can take advantage of this weakness by inserting a wevtutil.exe file into the folder, thereby escalating privileges up to SYSTEM level access. This flaw could potentially allow an attacker to gain deeper system control and potentially compromise the affected system. It is recommended that users update their installer to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Streamer