League of Legends Screensaver - Insecure File Permissions Privilege Escalation

EDB-ID:

39903

CVE:

N/A

EDB Verified:

Author:

Vincent Yiu

Type:

local

Exploit:   /  

Platform:

Windows

Date:

2016-06-07

Vulnerable App: 
# Exploit Title: League of Legends Screensaver Insecure File Permissions
Privilege Escalation
# CVE-ID: NA
# Date: 13/04/2016
# Exploit Author: Vincent Yiu
# Contact: vysec.private@gmail.com
# Vendor Homepage: http://www.leagueoflegends.com
# Software Link: screensaver.euw.leagueoflegends.com/en_US
# Version: MD5 Hash: 0C1B02079CA8BF850D59DD870BC09963
# Tested on: Windows 7 Professional x64 fully updated.

1. Description:

The League of Legends screensaver was installed with insecure file
permissions. It was found that all folder and file permissions were
incorrectly configured during installation. It was possible to replace the
service binary.

This was reported to Riot Games and has been rectified in the latest
version.

2. Proof

http://i.imgur.com/5fVijDK.png

3. Exploit:

Replace service.exe in 'C:\Riot Games\LolScreenSaver\service' to run
service.exe as SYSTEM.


This is released on exploit-db as a means to make users aware. There was no way to automatically install a patch or update to fix this issue. It is recommended that the screensaver is uninstalled and redownloaded from the official website where this issue is now resolved.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services