Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation

🗓️ 03 Jul 2014 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 36 Views

Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation. Vulnerability allows a simple user to change executable files, leading to privilege escalation. Vendor released fixed version 4.6.1.3217

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2014-5453
3 Jul 201400:00
circl
CVE		CVE-2014-5453
25 Aug 201416:00
cve
Cvelist		CVE-2014-5453
25 Aug 201416:00
cvelist
EUVD		EUVD-2014-5340
7 Oct 202500:30
euvd
NVD		CVE-2014-5453
25 Aug 201416:55
nvd
Prion		Design/Logic Flaw
25 Aug 201416:55
prion
RedhatCVE		CVE-2014-5453
22 May 202504:24
redhatcve
<html><body><p>Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation


Vendor: Ubisoft Entertainment S.A.
Product web page: http://www.ubi.com
Affected version: 4.6.3208 (PC)
                  4.5.2.3010 (PC)


Summary: Uplay is a digital distribution, digital rights management,
multiplayer and communications service created by Ubisoft to provide
an experience similar to the achievements/trophies offered by various
other game companies.

 - Uplay PC is a desktop client which replaces individual game launchers
 previously used for Ubisoft games. With Uplay PC, you have all your Uplay
 enabled games and Uplay services in the same place and you get access to
 a whole new set of features for your PC games.

Desc: Uplay for PC suffers from an elevation of privileges vulnerability
which can be used by a simple user that can change the executable file
with a binary of choice. The vulnerability exist due to the improper
permissions, with the 'F' flag (Full) for 'Everyone' group, making the
entire directory 'Ubisoft Game Launcher' and its files and sub-dirs
world-writable.

Tested on: Microsoft Windows 7 Professional SP1 (EN)
           Microsoft Windows 7 Ultimate SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2014-5191
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5191.php

Vendor: http://forums.ubi.com/forumdisplay.php/513-Uplay


30.05.2014

--


=======================================================================

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;icacls *.exe |findstr Everyone
UbisoftGameLauncher.exe Everyone:(I)(F)
UbisoftGameLauncher64.exe Everyone:(I)(F)
Uninstall.exe Everyone:(I)(F)
Uplay.exe Everyone:(I)(F)
UplayCrashReporter.exe Everyone:(I)(F)
UplayService.exe Everyone:(I)(F)

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;


=======================================================================

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;icacls Uplay.exe
Uplay.exe Everyone:(I)(F)
          NT AUTHORITY\SYSTEM:(I)(F)
          BUILTIN\Administrators:(I)(F)
          BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;

=======================================================================

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;icacls *.exe |findstr (F)
UbisoftGameLauncher.exe Everyone:(I)(F)
                        NT AUTHORITY\SYSTEM:(I)(F)
                        BUILTIN\Administrators:(I)(F)
UbisoftGameLauncher64.exe Everyone:(I)(F)
                          NT AUTHORITY\SYSTEM:(I)(F)
                          BUILTIN\Administrators:(I)(F)
Uninstall.exe Everyone:(I)(F)
              NT AUTHORITY\SYSTEM:(I)(F)
              BUILTIN\Administrators:(I)(F)
Uplay.exe Everyone:(I)(F)
          NT AUTHORITY\SYSTEM:(I)(F)
          BUILTIN\Administrators:(I)(F)
UplayCrashReporter.exe Everyone:(I)(F)
                       NT AUTHORITY\SYSTEM:(I)(F)
                       BUILTIN\Administrators:(I)(F)
UplayService.exe Everyone:(I)(F)
                 NT AUTHORITY\SYSTEM:(I)(F)
                 BUILTIN\Administrators:(I)(F)

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;

=======================================================================

C:\Program Files (x86)\Ubisoft&gt;icacls "Ubisoft Game Launcher"
Ubisoft Game Launcher Everyone:(OI)(CI)(F)
                      NT SERVICE\TrustedInstaller:(I)(F)
                      NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                      NT AUTHORITY\SYSTEM:(I)(F)
                      NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                      BUILTIN\Administrators:(I)(F)
                      BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                      BUILTIN\Users:(I)(RX)
                      BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                      CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Program Files (x86)\Ubisoft&gt;

=======================================================================
=======================================================================

Changed permissions (vendor fix):
---------------------------------

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;cacls Uplay.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe BUILTIN\Users:(ID)(special access:)
                                                                                 DELETE
                                                                                 READ_CONTROL
                                                                                 WRITE_DAC
                                                                                 WRITE_OWNER
                                                                                 STANDARD_RIGHTS_REQUIRED
                                                                                 FILE_READ_DATA
                                                                                 FILE_WRITE_DATA
                                                                                 FILE_APPEND_DATA
                                                                                 FILE_READ_EA
                                                                                 FILE_WRITE_EA
                                                                                 FILE_EXECUTE

                                                               NT AUTHORITY\SYSTEM:(ID)F
                                                               BUILTIN\Administrators:(ID)F
                                                               BUILTIN\Users:(ID)R
                                                               labpc\user4dmin:(ID)F


C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher&gt;

=======================================================================
</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Jul 2014 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 27.2
EPSS0.01069
ubisoftuplayinsecure file permissionslocal privilege escalationvulnerabilityuserexecutablefixvendorzero science lab
36