PT-2021-11390 · Arenanet · Guild Wars 2

George Tsimpidas

Published

2021-06-09

Updated

2021-06-16

CVE-2020-27384

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Guild Wars 2 launcher version 106916

Description: The issue arises from improper permissions set on the Guild Wars 2 directory and its contents, allowing any authenticated user to modify files, including the Gw2-64.exe executable. This is due to the 'F' flag (Full Control) being set for the 'Everyone' group, making the directory and its files world-writable.

Recommendations: For Guild Wars 2 launcher version 106916, consider restricting the permissions on the Guild Wars 2 directory and its contents to prevent unauthorized modifications, specifically removing the 'F' flag (Full Control) for the 'Everyone' group.

Exploit

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2020-27384

Affected Products

Guild Wars 2

PT-2021-11390 · Arenanet · Guild Wars 2

CVE-2020-27384

Weakness Enumeration

Related Identifiers

Affected Products

References · 3