CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54131 – Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
https://notcve.org/view.php?id=CVE-2024-54131
03 Dec 2024 — The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory. This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These inc... • https://github.com/kolide/launcher/pull/1510 • CWE-276: Incorrect Default Permissions CWE-456: Missing Initialization of a Variable •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-17707 – Epic Games Launcher Protocol Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17707
23 Nov 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with the com.epicgames.launcher protocol can trigger execution of a system call composed from a user-supplied string. An attacker can le... • https://www.zerodayinitiative.com/advisories/ZDI-18-1359 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •