CVE-2020-27384

The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:arena:guild_wars_2:106916:*:*:*:*:*:*:*

History

21 Nov 2024, 05:21

Type Values Removed Values Added
References () https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation - Exploit, Third Party Advisory () https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation - Exploit, Third Party Advisory

16 Jun 2021, 16:39

Type Values Removed Values Added
CWE CWE-276
CPE cpe:2.3:a:arena:guild_wars_2:106916:*:*:*:*:*:*:*
References (MISC) https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation - (MISC) https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8

09 Jun 2021, 15:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-09 15:15

Updated : 2024-11-21 05:21


NVD link : CVE-2020-27384

Mitre link : CVE-2020-27384

CVE.ORG link : CVE-2020-27384


JSON object : View

Products Affected

arena

  • guild_wars_2
CWE
CWE-276

Incorrect Default Permissions