The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.