A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.
The vulnerability was acknowledged and fixed by Overwolf within 3 weeks. We want to thank Overwolf for their exemplary reaction to the vulnerability report.
CVSS Score
7.8 (CVSS v3) https://nvd.nist.gov/vuln/detail/CVE-2024-7834
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Version
Overwolf Version <250.1.1
Fixed Version
250.1.1
Credits
Lukas Bühl
Overwolf Support contacted per e-mail to determine preferred way of disclosing the vulnerability
Responsible Disclosure of the vulnerability per e-mail to the address stated by support
Confirmation of reception by Overwolf
Patch is published by Overwolf on the development channel
Lukas Bühl tested the patch and informed Overwolf that the issue seems to be fixed
Overwolf is asked whether a CVE may be registered through cirosec
Overwolf confirms that the patch is now published
Overwolf is contacted again, stating that we would be interested in registering a CVE which Overwolf agreed to
Published