Two vulnerabilities have been confirmed to be detected in Epic Games Launcher, the online library and account management tool for PC gaming. According to the report, the successful exploitation of these flaws would allow the deployment of multiple hacking tactics.
Below are brief descriptions of the reported flaws, in addition to their scores assigned under the Common Vulnerability Scoring System (CVSS). These flaws do not yet receive a CVE identification key.
No CVE key: A bug in link tracking within the Epic Games installer would allow a local user to create a symbolic link to abuse the installer, overwrite a file, and perform a denial of service (DoS) attack on the affected system.
The vulnerability received a CVSS score of 5.1/10 and is considered a low-severity bug.
No CVE key: A link tracking issue within the Epic Games installer would allow local users to create a symbolic link to abuse the installer, delete a file, and deploy DoS attacks.
The flaw received a CVSS score of 5.1/10.
According to the report, the vulnerabilities reside in all versions of Epic Games Launcher for Windows and macOS systems.
These problems can only be exploited locally, which considerably reduces the risk of exploitation. So far no active exploitation attempts have been detected, although cybersecurity specialists recommend disabling Epic Games Launcher since there are no patches available to correct these flaws.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
The post Two vulnerabilities in Epic Games Launcher allow DoS attacks appeared first on Information Security Newspaper | Hacking News.