CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-20726
https://notcve.org/view.php?id=CVE-2021-20726
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en The Installer of Overwolf versiones 2.168.0.n y anteriores, permite a un atacante obtener privilegios y ejecutar código arbitrario con el privilegio del usuario que invoca al instalador por medio de una DLL de tipo caballo de Troya en un directorio no especificado • https://jvn.jp/en/jp/JVN78254777/index.html https://www.overwolf.com • CWE-427: Uncontrolled Search Path Element •
CVE-2020-25214
https://notcve.org/view.php?id=CVE-2020-25214
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. En el cliente de Overwolf 0.149.2.30, un canal puede ser accedido o influenciado por un actor que no es un endpoint • https://github.com/immunityinc/Advisories/blob/master/2020/CVE-2020-25214.pdf •