CVE-2019-13142

Name of the Vulnerable Software and Affected Versions Razer Surround version 1.1.63.0

Description The issue concerns the RzSurroundVADStreamingService in Razer Surround, which runs as the SYSTEM user. It uses an executable located in a folder with a DACL that allows any user to overwrite the contents of files in this folder. This results in an Elevation of Privilege.

Recommendations For Razer Surround version 1.1.63.0, consider restricting access to the %PROGRAMDATA%RazerSynapseDevicesRazer SurroundDriver folder to prevent unauthorized overwriting of files until a patch is available.