The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
References
Link | Resource |
---|---|
https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation | Exploit Third Party Advisory |
https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation - Exploit, Third Party Advisory |
16 Jun 2021, 16:39
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
CPE | cpe:2.3:a:arena:guild_wars_2:106916:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
09 Jun 2021, 15:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-09 15:15
Updated : 2024-11-21 05:21
NVD link : CVE-2020-27384
Mitre link : CVE-2020-27384
CVE.ORG link : CVE-2020-27384
JSON object : View
Products Affected
arena
- guild_wars_2
CWE
CWE-276
Incorrect Default Permissions