ID |
CVE-2024-42050
|
Sažetak |
The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg. |
Reference |
|
CVSS |
Base: | 7.0 |
Impact: | 5.9 |
Exploitability: | 1.0 |
|
Pristup |
Vektor | Složenost | Autentikacija |
LOCAL |
HIGH |
LOW |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
HIGH |
HIGH |
HIGH |
|
CVSS vektor |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Zadnje važnije ažuriranje |
01-08-2024 - 13:59 |
Objavljeno |
28-07-2024 - 03:15 |