CVE-2023-3181

HIGH

Splashtop Software Updater < - DLL Hijacking

Title source: llm

Description

The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

References (1)

[Third Party Advisory] https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0015.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 6.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-379

Status published

Affected Products (6)

splashtop/mirroring360_receiver < 2.4.0.1

splashtop/mirroring360_sender < 1.3.0.0

splashtop/splashtop < 3.5.6.0

splashtop/splashtop < 3.5.8.0

splashtop/splashtop_for_rmm < 3.5.8.0

splashtop/streamer < 3.5.6.0

Timeline

Published Jan 25, 2024

Tracked Since Feb 18, 2026