Epic Games Easy Anti-Cheat Unquoted Service Path Vulnerability Allowing Local Privilege Escalation

A vulnerability in Epic Games Easy Anti-Cheat version 4.0 has been identified, stemming from an unquoted service path issue. This vulnerability allows local, non-privileged users to execute arbitrary code with elevated privileges. Exploitation involves inserting malicious code into the system root path, where it can evade detection and execute with LocalSystem privileges during application startup or reboot.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges, allowing a local user to gain higher access rights and potentially manipulate system functions or data.

Reproduction

The vulnerability can be reproduced by inserting malicious code into the system root path, undetected by the operating system or other security applications. This code will execute with LocalSystem privileges when the Easy Anti-Cheat application is started or when the system is rebooted.