Vulnerability in Ubi Uplay_pc

CVE-2014-5453

Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.

EPSS: 0.011 (78.1th percentile) — read the EPSS interpretation.

Affected products

Ubi Uplay_pc — versions 4.5.2.3010
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

108726 (x_refsource_OSVDB, vdb-entry)
33961 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)