2 matches found
CVE-2012-4177
The CVE-2012-4177 issue affects Ubisoft Uplay PC before 2.0.4, arising from the web browser plugin’s handling of the -orbit_exe_path argument. A remote, unauthenticated attacker could lure a user to a crafted webpage to trigger arbitrary code execution via the ActiveX/plugin, as documented by mul...
CVE-2014-5453
Affected product: Ubisoft Uplay PC. Vulnerability: before version 4.6.1.3217, the installer directory (%PROGRAMFILES%\Ubisoft Game Launcher) has Everyone: Full Control, enabling local privilege escalation via a Trojan horse file. Root cause is weak permissions on the program installation director...