216.73.217.64

CVE-2024-57276

· Published 27/01/2025 17:15 · Modified 30/01/2025 22:15

Labels: CVE-2024-57276 2025-01-27CVE-2024-57276CWE-428[email protected]

Essential information

Published
27/01/2025 17:15
Modified
30/01/2025 22:15
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CVSS metrics

Description

In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References