CVE-2017-11652 – Razer Synapse 2.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-11652
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. Razer Synapse 2.20.15.1104 y anteriores emplea permisos débiles para el directorio CrashReporter, lo que permite que usuarios locales obtengan privilegios mediante un archivo troyano dbghelp.dll. Razer Synapse versions 2.20.15.1104 and below suffer from multiple dll search order hijacking vulnerabilities. • http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-11653 – Razer Synapse 2.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-11653
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. Razer Synapse 2.20.15.1104 y anteriores emplea permisos débiles para el directorio Devices, lo que permite que usuarios locales obtengan privilegios mediante un archivo troyano (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll. Razer Synapse versions 2.20.15.1104 and below suffer from multiple dll search order hijacking vulnerabilities. • http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html • CWE-732: Incorrect Permission Assignment for Critical Resource •