overwolf 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-7834 | A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. | a341c0d1-ebf7-493f-a84e-38cf86618674 | 7.8 | 0.08% | 2024-09-04 | 2024-09-05 |
| CVE-2021-33501 | Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. | [email protected] | 9.6 | 4.97% | 2021-07-19 | 2024-11-21 |
| CVE-2021-20726 | Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | [email protected] | 7.8 | 0.08% | 2021-05-24 | 2024-11-21 |
| CVE-2020-25214 | In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. | [email protected] | 8.1 | 0.45% | 2020-10-16 | 2024-11-21 |
| CVE-2020-15932 | Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. | [email protected] | 8.8 | 0.51% | 2020-07-24 | 2024-11-21 |