Vulnerability Summary

Synaptics Sound Device Driver could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper access control in the CxUtilSvc.exe component. By executing a specially-crafted API, an authenticated attacker could exploit this vulnerability to gain access privileges to the Windows Registry.

Vulnerability Trend

Vendor Advisories

A potential security vulnerability has been identified with the Synaptics (previously Conexant) Sound Device Driver CxUtilSVcexe component Vulnerable versions of CxUtilSrvexe can allow privileged access to the registry ...

Github Repositories

CVE-2019-9730: Synaptics Audio Driver LPE The vulnerability in this driver package was with the CxUtilSvc system service It hosted a COM object that low-privileged code can use to perform arbitrary reads and writes to the registry as SYSTEM The NET code adds the IRegistryHelper COM interface as a reference to invoke its methods In terms of exploitation, a less subtle approa