Search

Vulnerability in Overwolf (CVE-2024-7834)

Overwolf is a software that is used for managing mods of games with 45 million active users every month.

CVE: CVE-2024-7834: Local Privilege Escalation

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.

The vulnerability was acknowledged and fixed by Overwolf within 3 weeks. We want to thank Overwolf for their exemplary reaction to the vulnerability report.

CVSS Score
7.8 (CVSS v3) https://nvd.nist.gov/vuln/detail/CVE-2024-7834

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Version
Overwolf Version <250.1.1

Fixed Version
250.1.1

Credits
Lukas Bühl

Timeline

Do you want to protect your systems? Get in touch with us.
Search
Search