Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Permissions in Splashtop Software Updater
Vulnerability Description
The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在具有不安全权限的目录中创建临时文件
Vulnerability Title
Splashtop Software Updater 安全漏洞
Vulnerability Description
Splashtop Software Updater是美国Splashtop公司的一款用于Splashtop产品的软件更新应用程序。 Splashtop Software Updater 1.5.6.21 及之前版本影响存在安全漏洞,该漏洞源于允许本地非特权攻击者提升系统级权限,并且在具有不安全权限的目录中创建临时文件。
CVSS Information
N/A
Vulnerability Type
N/A