Published: 05/06/2019 Updated: 07/06/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local malicious user to increase access privileges to the Windows Registry via an unpublished API.

Vulnerability Trend

Vendor Advisories

A potential security vulnerability has been identified with the Synaptics (previously Conexant) Sound Device Driver CxUtilSVcexe component Vulnerable versions of CxUtilSrvexe can allow privileged access to the registry ...

Github Repositories

CVE-2019-9730: Synaptics Audio Driver LPE The vulnerability in this driver package was with the CxUtilSvc system service It hosted a COM object that low-privileged code can use to perform arbitrary reads and writes to the registry as SYSTEM The NET code adds the IRegistryHelper COM interface as a reference to invoke its methods In terms of exploitation, a less subtle approa