Summaryinfo

A vulnerability, which was classified as problematic, was found in Razer Surround 1.1.63.0. The affected element is an unknown function of the file RzSurroundVADStreamingService.exe. Such manipulation leads to access control. This vulnerability is traded as CVE-2019-13142. An attack has to be approached locally. There is no exploit available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Razer Surround 1.1.63.0. Affected by this issue is some unknown functionality of the file RzSurroundVADStreamingService.exe. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:

The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege.

The weakness was shared 07/09/2019. This vulnerability is handled as CVE-2019-13142 since 07/01/2019. Local access is required to approach this attack. A simple authentication is required for exploitation. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Razer

Name

• Surround

Version

• 1.1.63.0

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion