CVE-2024-11872
CVSS 3.0 Score 7.8 of 10 (high)
Details
Published Dec 12, 2024
CWE ID 276
Summary
CVE-2024-11872 is a local privilege escalation vulnerability affecting Epic Games Launcher. An attacker must initially gain the ability to execute low-privileged code on the target system. The vulnerability lies within the product installer, which incorrectly sets default permissions on a sensitive folder. By exploiting this flaw, an attacker can escalate privileges and execute arbitrary code with SYSTEM-level access. This vulnerability, originally identified as ZDI-CAN-24329, poses a significant risk to affected installations of Epic Games Launcher.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share