Epic Games Fortnite 4.2-CL-4072250 Insecure File Permissions

Title: Epic Games Fortnite 4.2-CL-4072250 Insecure File Permissions
Advisory ID: ZSL-2018-5469
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 21.05.2018
Summary
Fortnite is a co-op sandbox survival game developed by Epic Games and People Can Fly and published by Epic Games. The game was released as a paid-for early access title for Microsoft Windows, macOS, PlayStation 4 and Xbox One on July 25, 2017, with a full free-to-play release expected in 2018. The retail versions of the game were published by Gearbox Publishing, while online distribution of the PC versions is handled by Epic's launcher.
Description
Fortnite suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Authenticated Users' group.
Vendor
Epic Games, Inc. - https://www.epicgames.com
Affected Version
4.2-CL-4072250
4.1-CL-4053532
4.0-CL-4039451
Tested On
Microsoft Windows 10 Home
Vendor Status
[10.04.2018] Vulnerability discovered.
[09.05.2018] Vendor contacted.
[11.05.2018] Vendor replied confirming message received.
[20.05.2018] No response from the vendor.
[21.05.2018] Public security advisory released.
PoC
fortnite_eop.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://exchange.xforce.ibmcloud.com/vulnerabilities/143688
[2] https://packetstormsecurity.com/files/147804
[3] https://cxsecurity.com/issue/WLB-2018050178
Changelog
[21.05.2018] - Initial release
[29.05.2018] - Added reference [1], [2] and [3]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk