CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20726
https://notcve.org/view.php?id=CVE-2021-20726
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en The Installer of Overwolf versiones 2.168.0.n y anteriores, permite a un atacante obtener privilegios y ejecutar código arbitrario con el privilegio del usuario que invoca al instalador por medio de una DLL de tipo caballo de Troya en un directorio no especificado • https://jvn.jp/en/jp/JVN78254777/index.html https://www.overwolf.com • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15932
https://notcve.org/view.php?id=CVE-2020-15932
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. Overwolf versiones anteriores a 0.149.2.30, maneja inapropiadamente los Enlaces Simbólicos durante las actualizaciones, causando una elevación de privilegios • https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-005.md • CWE-59: Improper Link Resolution Before File Access ('Link Following') •