Synaptics Fingerprint Driver Co-Installer Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in the Synaptics Fingerprint Driver's co-installer, which can lead to unauthorized code execution with elevated privileges. This issue arises when a maliciously crafted DLL is placed in the C:\ProgramData\Synaptics directory. During the driver installation, the co-installer executes a utility called CheckFPDatabase.exe with elevated rights. This utility loads DLLs from the default system path, allowing the injected malicious DLL to be executed instead of the legitimate one.

Impact

Exploitation of this vulnerability allows local users to execute arbitrary code with elevated privileges, potentially leading to unauthorized system modifications or access.

Reproduction

To reproduce this vulnerability, create the C:\ProgramData\Synaptics folder and place a malicious DLL inside it, ensuring the DLL name matches that of a required system DLL. When the Synaptics Fingerprint Driver is installed, the co-installer will run CheckFPDatabase.exe, which will load the malicious DLL with elevated privileges, thereby executing the injected code.

Remediation

Users can upgrade to Synaptics Fingerprint Driver versions 5.5.3537.1066 or 5.5.4022.1052 to address this vulnerability.
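
A defensive check for the condition described above, as an added example that is not part of the original advisory or any vendor code: it reports which principals other than SYSTEM, Administrators and TrustedInstaller can write to C:\ProgramData\Synaptics, and lists any DLLs in that folder with their owner and Authenticode status. The function name and the set of trusted SIDs are assumptions.

```powershell
# Added example (not vendor code): audit the folder named in this advisory.
function Get-SynapticsDirAudit {   # hypothetical helper name
    param([string]$Dir = (Join-Path $env:ProgramData 'Synaptics'))

    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) {
        return [pscustomobject]@{ Dir = $Dir; Exists = $false; WritableBy = @(); Dlls = @() }
    }

    # Assumption: only SYSTEM, Administrators and TrustedInstaller should hold write access.
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    # WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_ALL, GENERIC_WRITE.
    $writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

    # Ask for SIDs rather than account names so the check is not locale-dependent.
    $rules = (Get-Acl -LiteralPath $Dir).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $writable = foreach ($r in $rules) {
        # Inherit-only ACEs (flag value 2) do not apply to the folder itself.
        $appliesHere = ([int]$r.PropagationFlags -band 2) -eq 0
        if ($r.AccessControlType -eq 'Allow' -and $appliesHere -and
            ([int]$r.FileSystemRights -band $writeMask) -and
            $trusted -notcontains $r.IdentityReference.Value) {
            [pscustomobject]@{ Sid = $r.IdentityReference.Value; Rights = $r.FileSystemRights }
        }
    }

    # Any DLL here is a candidate for being loaded by the elevated utility.
    $dlls = Get-ChildItem -LiteralPath $Dir -Filter *.dll -File -Force | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path       = $_.FullName
            CreatedUtc = $_.CreationTimeUtc
            Owner      = (Get-Acl -LiteralPath $_.FullName).Owner
            Signature  = $sig.Status
            Signer     = $sig.SignerCertificate.Subject   # empty when unsigned
        }
    }
    [pscustomobject]@{ Dir = $Dir; Exists = $true; WritableBy = @($writable); Dlls = @($dlls) }
}

$audit = Get-SynapticsDirAudit
$audit.WritableBy | Format-Table -AutoSize
$audit.Dlls | Format-List
```

A DLL in this folder that is unsigned or owned by a standard user account warrants investigation before the driver is installed or updated.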

Added: Dec 1, 2025, 7:29 PM
Updated: Dec 1, 2025, 7:29 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 10.0
exploitability: 3.6
remediation: 7.9
relevance: 1.3
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.