CVE-2017-14398
- EPSS 0.05%
- Veröffentlicht 13.09.2017 08:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.
CVE-2017-11652
- EPSS 0.04%
- Veröffentlicht 18.08.2017 17:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
CVE-2017-11653
- EPSS 0.04%
- Veröffentlicht 18.08.2017 17:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
- EPSS 77.77%
- Veröffentlicht 02.08.2017 19:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.