7 matches found
CVE-2020-12431
The CVE-2020-12431 entry describes a Windows local privilege escalation in Splashtop Software Updater (before 1.5.6.16) due to insecure permissions on the updater’s configuration file and a named pipe, enabling a forced permission change of Splashtop files/directories and DLL hijacking to achieve...
CVE-2021-42712
The CVE-2021-42712 issue affects Splashtop Streamer up to version 3.4.8.3, where the application creates temporary files in a directory with insecure permissions. This root cause can lead to unauthorized access to temporary data and potential impact to confidentiality, integrity, and availability...
CVE-2024-42050
The CVE-2024-42050 entry concerns Splashtop Streamer for Windows. The vulnerability stems from the MSI installer creating a temporary folder with weak permissions during installation, enabling a local user to escalate privileges to SYSTEM by triggering an oplock on CredProvider_Inst.reg. Affected...
CVE-2024-42052
The CVE-2024-42052 issue concerns the MSI installer for Splashtop Streamer for Windows prior to version 3.5.8.0. The installer uses a temporary folder with weak permissions during installation, allowing a local user to escalate privileges to SYSTEM by placing a wevtutil.exe file in that folder. A...
CVE-2023-3181
CVE-2023-3181 affects Splashtop Software Updater (uninst.exe). The uninstaller creates a temporary folder at C:\Windows\Temp~nsu.tmp, copies itself as Au_.exe into that folder, and then Au_.exe is launched as SYSTEM on reboot or during an MSI repair via Splashtop Streamer’s Windows Installer. The...
CVE-2024-42051
The CVE-2024-42051 issue affects Splashtop Streamer for Windows before version 3.6.2.0. The MSI installer uses a temporary folder with weak permissions during installation, allowing a local user to escalate privileges to SYSTEM by replacing InstRegExp.reg. The vulnerability is a local privilege e...
CVE-2024-42053
The CVE concerns Splashtop Streamer for Windows prior to version 3.6.0.0. The MSI installer creates a temporary folder with weak permissions, allowing a local attacker to place a malicious version.dll and escalate to SYSTEM during installation. Affected component: MSI installer for Windows; root ...