CVE-2024-42051

Name of the Vulnerable Software and Affected Versions Splashtop Streamer for Windows versions prior to 3.6.2.0

Description The MSI installer for Splashtop Streamer for Windows uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.

Recommendations For versions prior to 3.6.2.0, update to version 3.6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary folder used during installation to minimize the risk of exploitation.