Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local privilege escalation in Overwolf
Vulnerability Description
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Overwolf 安全漏洞
Vulnerability Description
Overwolf是以色列Overwolf公司的一款支持使用HTML和JavaScript构建游戏的框架。 Overwolf 250.1.1之前版本存在安全漏洞,该漏洞源于在启动时从SYSTEM上下文中的用户可写文件夹加载并执行某些动态链接库文件,导致本地权限提升,允许对系统具有非特权访问权限的攻击者通过在相应位置放置恶意dll文件以SYSTEM权限运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A