CVE-2019-12177

HIGH

ViveportDesktopService <1.0.0.36 - Privilege Escalation

Title source: llm

Description

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

References (3)

[Vendor Advisory] https://community.viveport.com/

[Exploit, Third Party Advisory] https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8

[Not Applicable] https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 28.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

htc/viveport < 1.0.0.36

Timeline

Published Jun 03, 2019

Tracked Since Feb 18, 2026