vendor: Minecraft
by: Ross Marks
CVSS: 7,2 HIGH
Insecure File Permissions Local Privilege Escalation
CWE: 732
Product Name: Minecraft
Affected Version From: 1.6.61
Affected Version To: 1.6.61
Patch Exists: No
Related CWE: N/A
CPE: a:mojang:minecraft
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 x86/x64
2020
Minecraft Launcher: Insecure File Permissions Local Privilege Escalation
Minecraft's launcher (minecraftLauncher.exe) suffers from an elevation-of-privilege vulnerability: an unprivileged user can replace the executable file with a binary of their choice. The vulnerability exists because of improper permissions: the 'Users' group holds the 'F' (Full) flag, which makes the entire 'Minecraft' directory, its files and its subdirectories world-writable. This would allow an attacker to inject code or replace the MinecraftLauncher executable and have it run in the context of the system.
Mitigation:
Ensure that the permissions on MinecraftLauncher.exe are set to the minimum required.
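
One way to check for the condition described above and to confirm the mitigation, as an added example that is not part of the original advisory: a PowerShell function that walks a directory and lists every allow ACE granting write-type rights to broad low-privileged groups such as 'Users'. The function name `Find-WeakFileAcl` and the path in the usage comment are assumptions; pass the actual install directory.

```powershell
# Added example (not from the advisory). Find-WeakFileAcl is a hypothetical helper name.
function Find-WeakFileAcl {
    param([Parameter(Mandatory)][string]$Path)   # install directory to audit

    # Well-known SIDs of broad, low-privileged groups (locale-independent).
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Rights that allow replacing a file, tampering with it, or rewriting its ACL.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Also catch raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits,
    # which can appear on inherit-only directory ACEs.
    $mask = [int]$rights -bor 0x50000000

    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # account could not be resolved to a SID
            if (-not $lowPriv.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -ne 0) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $lowPriv[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Usage (placeholder path; substitute the real install directory):
# Find-WeakFileAcl -Path 'C:\path\to\Minecraft' | Format-Table -AutoSize
```

An empty result means none of the listed groups can modify anything under the directory. Rows with `Inherited = True` point to an ACE set on a parent folder, which is where the permission has to be corrected.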