CVE-2021-20726

Published: May 24, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

Affected (1)

Products: Overwolf: Overwolf

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Overwolf Overwolf	Up to 2.168.0.n

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

https://jvn.jp/en/jp/JVN78254777/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.overwolf.com/

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN78254777/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.overwolf.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.