7.8

CVE-2024-11872

EPSS 0.19%
Veröffentlicht 12.12.2024 01:40:20
Zuletzt bearbeitet 15.08.2025 18:32:32
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Epicgames ≫ Launcher Version16.6.0-33806133

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.085

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720

Release Notes

https://www.zerodayinitiative.com/advisories/ZDI-24-1646/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-11872

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-11872

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-11872

EUVD