CVE-2021-20726

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
References
Link Resource
https://jvn.jp/en/jp/JVN78254777/index.html Third Party Advisory
https://www.overwolf.com/ Vendor Advisory
https://jvn.jp/en/jp/JVN78254777/index.html Third Party Advisory
https://www.overwolf.com/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:overwolf:overwolf:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:47

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN78254777/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN78254777/index.html - Third Party Advisory
References () https://www.overwolf.com/ - Vendor Advisory () https://www.overwolf.com/ - Vendor Advisory

03 May 2022, 16:04

Type Values Removed Values Added
CWE CWE-426 CWE-427

28 May 2021, 14:57

Type Values Removed Values Added
References (MISC) https://jvn.jp/en/jp/JVN78254777/index.html - (MISC) https://jvn.jp/en/jp/JVN78254777/index.html - Third Party Advisory
References (MISC) https://www.overwolf.com/ - (MISC) https://www.overwolf.com/ - Vendor Advisory
CWE CWE-426
CPE cpe:2.3:a:overwolf:overwolf:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.4
v3 : 7.8

24 May 2021, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-24 04:15

Updated : 2024-11-21 05:47


NVD link : CVE-2021-20726

Mitre link : CVE-2021-20726

CVE.ORG link : CVE-2021-20726


JSON object : View

Products Affected

overwolf

  • overwolf
CWE
CWE-427

Uncontrolled Search Path Element