CVE-2024-7834

Local privilege escalation in Overwolf

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A local privilege escalation is caused by Overwolf
loading and executing certain dynamic link library files from a user-writeable
folder in SYSTEM context on launch. This allows an attacker with unprivileged
access to the system to run arbitrary code with SYSTEM privileges by placing a
malicious .dll file in the respective location.

*Credits: Lukas Bühl <lukas.buehl@cirosec.de>

CVSS Scores

cirosec GmbHv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-08-15 CVE Reserved
2024-09-04 CVE Published
2024-09-04 CVE Updated
2024-09-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-427: Uncontrolled Search Path Element

CAPEC

CAPEC-233: Privilege Escalation

References (1)

URL	Tag	Source
https://www.cirosec.de/sa/sa-2024-004	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Overwolf Search vendor "Overwolf"		Overwolf Search vendor "Overwolf" for product "Overwolf"				< 250.1.1 Search vendor "Overwolf" for product "Overwolf" and version " < 250.1.1"		en		Affected