Razer Synapse before 3.7.0228.022817 allows privilege...
High severity
Unreviewed
Published
Mar 25, 2022
to the GitHub Advisory Database
•
Updated Sep 18, 2023
Description
Published by the National Vulnerability Database
Mar 23, 2022
Published to the GitHub Advisory Database
Mar 25, 2022
Last updated
Sep 18, 2023
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
References