Two vulnerabilities have been confirmed to be detected in Epic Games Launcher, the online library and account management tool for PC gaming. According to the report, the successful exploitation of these flaws would allow the deployment of multiple hacking tactics.

Below are brief descriptions of the reported flaws, in addition to their scores assigned under the Common Vulnerability Scoring System (CVSS). These flaws do not yet receive a CVE identification key.

No CVE key: A bug in link tracking within the Epic Games installer would allow a local user to create a symbolic link to abuse the installer, overwrite a file, and perform a denial of service (DoS) attack on the affected system.

The vulnerability received a CVSS score of 5.1/10 and is considered a low-severity bug.

No CVE key: A link tracking issue within the Epic Games installer would allow local users to create a symbolic link to abuse the installer, delete a file, and deploy DoS attacks.

The flaw received a CVSS score of 5.1/10.

According to the report, the vulnerabilities reside in all versions of Epic Games Launcher for Windows and macOS systems.

These problems can only be exploited locally, which considerably reduces the risk of exploitation. So far no active exploitation attempts have been detected, although cybersecurity specialists recommend disabling Epic Games Launcher since there are no patches available to correct these flaws.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Two vulnerabilities in Epic Games Launcher allow DoS attacks appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

CVE-2018-9100 & CVE-2018-9099: Vulnerabilities in Diebold Nixdorf ATMs allow easily jackpotting a machine via a black box attack. Banks should patch them immediately

A recent research published by Positive Technologies points to the discovery of…

Critical vulnerability in Linux distros would allow for full system compromise; update now

This Thursday morning it was announced the release of a security patch…

Severe vulnerability in Linux kernel allows hackers to escape from a container to execute arbitrary commands on the affected host. CVSS 7.0/10

Cybersecurity specialists report the detection of a severe vulnerability in the Linux…

Vulnerability in Schneider Electric Modicon PLCs would allow hackers to bypass authentication mechanisms and take over these IoT devices

Cybersecurity specialists report the discovery of an authentication bypass vulnerability that resides…