Streamer Security Vulnerabilities

CVE-2020-12431

A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resul...

CVE-2021-42712

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2024-42052

The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.