N/A

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.

N/A

N/A

Razer Synapse 3 代码问题漏洞

Razer Synapse 3是美国Razer公司的一个应用软件。基于云的统一硬件配置工具。 Razer Synapse 3.7.0228.022817之前版本存在安全漏洞，该漏洞源于Razer Synapse 3.7.0228.022817之前版本允许权限升级，因为它依赖于%PROGRAMDATA%RazerSynapse3Servicein，在安装Synapse之前，任何非特权用户都创建了%PROGRAMDATA%Razer。攻击者利用该漏洞将Trojan horse DLLs放置在此处。

N/A

N/A