The MSI installer for Splashtop Streamer for Windows versions < 3.6.0.0 uses a temporary folder with weak permissions during installation. A local authenticated user can exploit this to escalate privileges to SYSTEM.
CVE-2024-42053
Base score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
If the MSI installer still exists in the original location it was executed from, or it was originally executed from a location it can be copied back to, a regular user can force a reinstall of the product. During reinstall, an executable will attempt to load a DLL (version.dll) from a user-writable folder in the user's %TEMP% directory. A local authenticated user can place an arbitrary proxy DLL with that name in the folder, and it will be loaded and executed in the SYSTEM context.