Epic Games Launcher 7.9.4-4058369 Insecure File Permissions

Title: Epic Games Launcher 7.9.4-4058369 Insecure File Permissions
Advisory ID: ZSL-2018-5468
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 21.05.2018
Summary
Epic Games Launcher is a shareware desktop tool that allows you to buy and download games and other products from Epic Games. Through this program, you can get games like Fortnite, Unreal Tournament, Shadow Complex, and Paragon. Also, you can download tools like Unreal Engine and ARK Dev Kit. The program includes a social feature that allows you to add friends, change your status, and more.
Description
The Epic Games Launcher suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' (Full) flag set for the 'Users' group.
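An added example, not part of the advisory or its PoC: a defender-side check that parses icacls output for one executable and reports allow entries giving broad groups such as 'Users' write-capable rights like the 'F' flag described above. It assumes the permissions are listed with the Windows icacls tool, which uses this flag notation; the path and both sample outputs are constructed placeholders.

```python
import re

# Principals that every ordinary local account is a member of.
BROAD = {"builtin\\users", "everyone", "nt authority\\authenticated users",
         "nt authority\\interactive"}
# icacls rights that allow changing a file's content or its ACL/owner:
# F full, M modify, W write, WD write data, AD append data,
# GA/GW generic all/write, WDAC write DAC, WO write owner.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GA", "GW", "WDAC", "WO"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Za-z,]+\))+)$")

# Constructed samples; the path is a placeholder, not the launcher's real path.
SAMPLE_PATH = r"C:\ExampleApp\Launcher.exe"
SAMPLE_WEAK = r"""C:\ExampleApp\Launcher.exe BUILTIN\Users:(I)(F)
                           NT AUTHORITY\SYSTEM:(I)(F)
                           BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""
SAMPLE_FIXED = SAMPLE_WEAK.replace(r"BUILTIN\Users:(I)(F)", r"BUILTIN\Users:(I)(RX)")

def parse_icacls(output, path):
    """Return [(principal, {tokens})] for the single file `path`."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line carries the path
        m = ACE_RE.match(line)
        if m:  # skips blank lines and the "Successfully processed" footer
            groups = re.findall(r"\(([^)]+)\)", m["flags"])
            aces.append((m["who"], {t.upper() for g in groups for t in g.split(",")}))
    return aces

def risky_aces(aces):
    """Allow ACEs that give a broad principal write-capable rights."""
    hits = []
    for who, tokens in aces:
        if who.lower() not in BROAD:
            continue
        if "DENY" in tokens or "IO" in tokens:  # deny ACE, or inherit-only
            continue
        granted = sorted(tokens & WRITE_RIGHTS)
        if granted:
            hits.append((who, granted))
    return hits

if __name__ == "__main__":
    for name, out in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(name, risky_aces(parse_icacls(out, SAMPLE_PATH)))
```

An empty result for an installed executable means no broad group can overwrite it; any hit on a binary that runs with higher privileges is worth tightening to read and execute only.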
Vendor
Epic Games, Inc. - https://www.epicgames.com
Affected Version
7.9.4-4058369
7.9.3-4051644
7.9.2
7.9.1-4016505
7.8.0-3988049
7.7.0
Tested On
Microsoft Windows 10 Home
Vendor Status
[10.04.2018] Vulnerability discovered.
[09.05.2018] Vendor contacted.
[11.05.2018] Vendor replied confirming message received.
[20.05.2018] No response from the vendor.
[21.05.2018] Public security advisory released.
PoC
epiclauncher_eop.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://cxsecurity.com/issue/WLB-2018050177
[2] https://packetstormsecurity.com/files/147803
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/143687
Changelog
[21.05.2018] - Initial release
[29.05.2018] - Added reference [1], [2] and [3]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk