The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
References
Link | Resource |
---|---|
https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-09T14:54:09
Updated: 2021-06-09T14:54:09
Reserved: 2020-10-21T00:00:00
Link: CVE-2020-27384
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-09T15:15:08.143
Modified: 2021-06-16T16:39:34.453
Link: CVE-2020-27384
JSON object: View
Redhat Information
No data.
CWE