CVE-2024-42053 is a local privilege escalation vulnerability affecting the MSI installer of Splashtop Streamer for Windows versions prior to 3.6.0.0. During installation, the MSI installer creates and uses a temporary folder with weak permissions, which allows any local user to write files into this directory. An attacker can exploit this by placing a malicious DLL named version.dll into the temporary folder. When the installer subsequently loads this DLL, the attacker's code executes with SYSTEM privileges, effectively escalating their privileges from a low-privileged user to full system control. This vulnerability is categorized under CWE-276, which relates to improper permissions on temporary files or directories. The CVSS v3.1 base score is 7.8, reflecting high severity due to the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no requirement for user interaction. Although no public exploits are currently known, the vulnerability represents a significant risk because it allows local attackers to bypass privilege boundaries and gain full control over affected systems. The issue highlights the importance of secure handling of temporary files and directories during software installation processes.

If exploited, this vulnerability allows a local attacker to escalate privileges to SYSTEM level, granting them full control over the affected Windows system. This can lead to unauthorized access to sensitive data, installation of persistent malware, disabling of security controls, and lateral movement within an organization's network. The compromise of SYSTEM privileges effectively undermines all security mechanisms on the host, potentially leading to complete system takeover. Organizations relying on Splashtop Streamer for remote access or support could see significant operational disruption and data breaches if attackers leverage this flaw. The vulnerability is particularly dangerous in environments where multiple users have local access or where endpoint security is lax. Although exploitation requires local access, the ease of exploitation and high impact make it a critical concern for enterprise and managed service provider environments.

Organizations should immediately upgrade Splashtop Streamer for Windows to version 3.6.0.0 or later, where this vulnerability is fixed. If upgrading is not immediately possible, restrict local user permissions to prevent untrusted users from writing to temporary directories used during installation. Implement application whitelisting and endpoint detection to monitor for unauthorized DLL loading or suspicious installer behavior. Use least privilege principles to limit local user rights and prevent unauthorized software installation. Additionally, conduct regular audits of file system permissions on temporary folders used by installers. Employ host-based intrusion prevention systems (HIPS) to detect and block DLL hijacking attempts. Finally, educate IT staff and users about the risks of local privilege escalation and ensure that remote access tools like Splashtop are kept up to date with security patches.