CVE-2024-42053

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 28, 2024
Updated: Aug 1, 2024
CWE ID 276

Summary

CVE-2024-42053 is a newly disclosed vulnerability affecting the MSI installer for Splashtop Streamer for Windows. Before version 3.6.0.0, this software utilizes a temporary folder with permissive access during installation. An attacker present as a local user can capitalize on this weakness by depositing a malicious version.dll file in the designated folder, thereby escalating their privileges to the SYSTEM level.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share