CVE-2018-17707

Name of the Vulnerable Software and Affected Versions Epic Games Launcher versions prior to 8.2.2

Description This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with this protocol can trigger execution of a system call composed from a user-supplied string, allowing an attacker to execute code in the context of the current user.

Recommendations For Epic Games Launcher versions prior to 8.2.2, update to version 8.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the com.epicgames.launcher protocol handler to minimize the risk of exploitation. Avoid opening malicious files or visiting untrusted web pages that could potentially trigger the vulnerability.