Razer Synapse Race Condition / DLL Hijacking

Razer Synapse versions before 3.8.0428.042117 (20230601) suffer from multiple vulnerabilities. Due to an unsafe installation path, improper privilege management, and a time-of-check time-of-use race condition, the associated system service "Razer Synapse Service" is vulnerable to DLL hijacking. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

abuse administrative privileges check dll dll hijacking driver hijacking installation installer local management path privilege privileges race race condition razer result service synapse system vulnerabilities vulnerable windows