CVE-2024-42051

HIGH

Splashtop Streamer <3.6.2.0 - Privilege Escalation

Title source: llm

Description

The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.

References (2)

[Third Party Advisory] https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/3.md

View Writeup ZIP pw:eip

[Release Notes] https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/20716875636763-Splashtop-Streamer-version-v3-6-2-0-for-Windows-released

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 10.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1391

Status published

Products (1)

splashtop/streamer < 3.6.2.0

Published Jul 28, 2024

Tracked Since Feb 18, 2026