League of Legends Screensaver Insecure File Permissions Privilege Escalation

vendor:

League of Legends Screensaver

by:

Vincent Yiu

7,2

CVSS

HIGH

Insecure File Permissions Privilege Escalation

264

CWE

Product Name: League of Legends Screensaver

Affected Version From: NA

Affected Version To: NA

Patch Exists: NO

Related CWE: NA

CPE: NA

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 Professional x64

2016

League of Legends Screensaver Insecure File Permissions Privilege Escalation

The League of Legends screensaver was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary. This was reported to Riot Games and has been rectified in the latest version.

Mitigation:

Uninstall and redownload the screensaver from the official website where this issue is now resolved.

Source

Exploit-DB raw data:

# Exploit Title: League of Legends Screensaver Insecure File Permissions
Privilege Escalation
# CVE-ID: NA
# Date: 13/04/2016
# Exploit Author: Vincent Yiu
# Contact: vysec.private@gmail.com
# Vendor Homepage: http://www.leagueoflegends.com
# Software Link: screensaver.euw.leagueoflegends.com/en_US
# Version: MD5 Hash: 0C1B02079CA8BF850D59DD870BC09963
# Tested on: Windows 7 Professional x64 fully updated.

1. Description:

The League of Legends screensaver was installed with insecure file
permissions. It was found that all folder and file permissions were
incorrectly configured during installation. It was possible to replace the
service binary.

This was reported to Riot Games and has been rectified in the latest
version.

2. Proof

http://i.imgur.com/5fVijDK.png

3. Exploit:

Replace service.exe in 'C:\Riot Games\LolScreenSaver\service' to run
service.exe as SYSTEM.


This is released on exploit-db as a means to make users aware. There was no way to automatically install a patch or update to fix this issue. It is recommended that the screensaver is uninstalled and redownloaded from the official website where this issue is now resolved.