ACTIVE-2020-005: Overwolf Symbolic Link Privilege Escalation
Vulnerability Type:
Privilege Escalation
Vendors:
Overwolf
CVE ID:
CVE-2020-15932
Affected Products:
- Overwolf prior to version 0.149.2.30
Summary:
Overwolf update mechanism is susceptible to file redirection attacks via Symbolic Links which can be triggered by standard users through multiple methods leading to elevation of privileges from standard users to NT AUTHORITY\SYSTEM.
Mitigation:
The vendor has released a patch in version 0.149.2.30 addressing this vulnerability.
Credit:
This vulnerability was found by Hashim Jawad of ACTIVELabs.
References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15932
- https://nvd.nist.gov/vuln/detail/CVE-2020-15932
Disclosure Timeline:
- 03-06-20: ACTIVELabs contacted Overwolf support requesting security contact and PGP key
- 03-08-20: Overwolf support responded that we can send it over to support and they will be forwarded it to the relevant department
- 03-15-20: Overwolf support sent PGP key
- 03-17-20: ACTIVELabs sent security vulnerability report and requested timeline for patch
- 03-17-20: Overwolf support responded there might be some delay in response to the issue due to COVID-19
- 03-17-20: Overwolf security team responded that they will fix as soon as possible
- 03-19-20: Overwolf security team sent number of possible fixes and requested feedback
- 03-20-20: ACTIVELabs provided feedback on suggested fixes
- 03-24-20: Overwolf security team responded that new version will be released to QA as soon as possible
- 04-13-20: ACTIVELabs requested an update
- 04-21-20: Overwolf security team shared patch and requested to test it
- 04-28-20: ACTIVELabs sent a report detailing the new patch bypass
- 04-29-20: Overwolf security team responded that they will work on implementing new fix and requested feedback
- 04-30-20: ACTIVELabs provided feedback on suggested fixes
- 05-15-20: ACTIVELabs requested an update
- 05-17-20: Overwolf security team responded a fix will be released in 2-3 weeks
- 06-04-20: ACTIVELabs requested an update
- 06-04-20: Overwolf security team stated that few more protections will be incorporated, and the fix will be pushed out in another 2-3 weeks
- 06-19-20: ACTIVELabs requested an update
- 06-24-20: Overwolf security team shared patch and requested to test it
- 06-25-20: ACTIVELabs sent a report detailing the new patch bypass and suggested a fix
- 06-29-20: Overwolf security team stated they are currently working on few fixes to eliminate the issue and plan on phasing it out starting on 7/12/2020
- 07-07-20: Overwolf security team shared patch and requested to test it
- 07-07-20: ACTIVELabs confirmed the patch has nullified the reported vulnerability
- 07-16-20: Version 0.149.2.30 released
- 07-20-20: ACTIVELabs publishes this advisory
- 07-20-20: ACTIVELabs request CVE from MITRE
- 07-23-20: CVE-2020-15932 assigned