League of Legends Screensaver - Insecure File Permissions Privilege Escalation

EDB-ID:

39903

CVE:

N/A




Platform:

Windows

Date:

2016-06-07


# Exploit Title: League of Legends Screensaver Insecure File Permissions
Privilege Escalation
# CVE-ID: NA
# Date: 13/04/2016
# Exploit Author: Vincent Yiu
# Contact: vysec.private@gmail.com
# Vendor Homepage: http://www.leagueoflegends.com
# Software Link: screensaver.euw.leagueoflegends.com/en_US
# Version: MD5 Hash: 0C1B02079CA8BF850D59DD870BC09963
# Tested on: Windows 7 Professional x64 fully updated.

1. Description:

The League of Legends screensaver was installed with insecure file
permissions. It was found that all folder and file permissions were
incorrectly configured during installation. It was possible to replace the
service binary.

This was reported to Riot Games and has been rectified in the latest
version.

2. Proof

http://i.imgur.com/5fVijDK.png

3. Exploit:

Replace service.exe in 'C:\Riot Games\LolScreenSaver\service' to run
service.exe as SYSTEM.


This is released on exploit-db as a means to make users aware. There was no way to automatically install a patch or update to fix this issue. It is recommended that the screensaver is uninstalled and redownloaded from the official website where this issue is now resolved.