CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.6EPSS: 3%CPEs: 1EXPL: 2CVE-2021-33501
https://notcve.org/view.php?id=CVE-2021-33501
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. Overwolf Client 0.169.0.22, permite un ataque de tipo XSS, con Ejecución de Código Remota resultante, por medio de una URL overwolfstore:// • https://github.com/swordbytes/Advisories/blob/master/2021/Advisory_CVE-2021-33501.pdf https://swordbytes.com/blog/security-advisory-overwolf-1-click-remote-code-execution-cve-2021-33501 https://www.overwolf.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20726
https://notcve.org/view.php?id=CVE-2021-20726
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en The Installer of Overwolf versiones 2.168.0.n y anteriores, permite a un atacante obtener privilegios y ejecutar código arbitrario con el privilegio del usuario que invoca al instalador por medio de una DLL de tipo caballo de Troya en un directorio no especificado • https://jvn.jp/en/jp/JVN78254777/index.html https://www.overwolf.com • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25214
https://notcve.org/view.php?id=CVE-2020-25214
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. En el cliente de Overwolf 0.149.2.30, un canal puede ser accedido o influenciado por un actor que no es un endpoint • https://github.com/immunityinc/Advisories/blob/master/2020/CVE-2020-25214.pdf •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15932
https://notcve.org/view.php?id=CVE-2020-15932
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. Overwolf versiones anteriores a 0.149.2.30, maneja inapropiadamente los Enlaces Simbólicos durante las actualizaciones, causando una elevación de privilegios • https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-005.md • CWE-59: Improper Link Resolution Before File Access ('Link Following') •