Advisories

Vulnerability in Overwolf (CVE-2024-7834)

Overwolf is a software that is used for managing mods of games with 45 million active users every month.

CVE: CVE-2024-7834: Local Privilege Escalation

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.

The vulnerability was acknowledged and fixed by Overwolf within 3 weeks. We want to thank Overwolf for their exemplary reaction to the vulnerability report.

CVSS Score
7.8 (CVSS v3)

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Version
Overwolf Version <250.1.1

Fixed Version
250.1.1

References
https://nvd.nist.gov/vuln/detail/CVE-2024-7834

Credits
Lukas Bühl

Timeline

2024-04-19

Overwolf Support contacted per e-mail to determine preferred way of disclosing the vulnerability

2024-04-24

Responsible Disclosure of the vulnerability per e-mail to the address stated by support

2024-04-24

Confirmation of reception by Overwolf

2024-05-05

Patch is published by Overwolf on the development channel

2024-05-06

Lukas Bühl tested the patch and informed Overwolf that the issue seems to be fixed

2024-06-13

Overwolf is asked whether a CVE may be registered through cirosec

2024-06-15

Overwolf confirms that the patch is now published

2024-07-04

Overwolf is contacted again, stating that we would be interested in registering a CVE which Overwolf agreed to

2024-09-04

Published

Do you want to protect your systems? Feel free to get in touch with us.

Month: September 2024