Epic Games Launcher 7.9.4-4058369 Insecure File Permissions

Medium
Advisory ID: ZSL-2018-5468
Release Date: 21 May 2018
Vendor: Epic Games, Inc. - https://www.epicgames.com
Affected Version: 7.9.4-4058369, 7.9.3-4051644, 7.9.2, 7.9.1-4016505, 7.8.0-3988049, 7.7.0
CVE: N/A
Tested On: Microsoft Windows 10 Home
Summary

Epic Games Launcher is a shareware desktop tool that allows you to buy and download games and other products from Epic Games. Through this program, you can get games like Fortnite, Unreal Tournament, Shadow Complex, and Paragon. Also, you can download tools like Unreal Engine and ARK Dev Kit. The program includes a social feature that allows you to add friends, change your status, and more.

Description

The Epic Games Launcher suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'F' (Full) flag set for the 'Users' group.
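
An audit check for the condition described above, added here as an example and not part of the original advisory: it parses `icacls` output and reports allow entries that give a broad, low-privileged group write-capable rights such as 'F'. The sample output and its path are constructed placeholders, and the group names assume an English-locale Windows install.

```python
import re

# Broad, low-privileged groups (assumption: English-locale names).
LOW_PRIV = ("BUILTIN\\Users", "Everyone",
            "NT AUTHORITY\\Authenticated Users", "NT AUTHORITY\\INTERACTIVE")
# icacls rights that allow replacing or re-permissioning a file.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WDAC", "WO", "GA", "GW"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<head>.*?):(?P<groups>(?:\([^()]+\))+)\s*$")

# Constructed sample output; the path is a placeholder, not from the advisory.
SAMPLE = r"""C:\Example\App\launcher.exe BUILTIN\Users:(I)(F)
                            NT AUTHORITY\SYSTEM:(I)(F)
                            BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files"""


def risky_aces(icacls_output):
    """Return (principal, rights) for allow ACEs that give a
    low-privileged group write-capable rights."""
    findings = []
    for line in icacls_output.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # blank line or the summary line
        head = m.group("head").lower()
        # On the first line the path precedes the principal, so match the tail.
        principal = next((p for p in LOW_PRIV if head == p.lower()
                          or head.endswith(" " + p.lower())), None)
        if principal is None:
            continue
        groups = re.findall(r"\(([^()]+)\)", m.group("groups"))
        if "DENY" in groups:
            continue  # deny entries grant nothing
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS:
                rights.update(tok.strip() for tok in g.split(","))
        granted = sorted(rights & WRITE_RIGHTS)
        if granted:
            findings.append((principal, granted))
    return findings


if __name__ == "__main__":
    for principal, rights in risky_aces(SAMPLE):
        print(f"{principal} can modify the file: {','.join(rights)}")
```

An empty result for an installed executable means none of the listed groups holds a write-capable allow entry on it; read-and-execute ('RX') for 'Users' is the expected setting.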

Proof of Concept
Disclosure Timeline
10.04.2018: Vulnerability discovered.
09.05.2018: Vendor contacted.
11.05.2018: Vendor replied confirming message received.
20.05.2018: No response from the vendor.
21.05.2018: Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
21.05.2018: Initial release
29.05.2018: Added reference [1], [2] and [3]