Doom Launcher Directory Traversal Vulnerability Leading to Arbitrary Code Execution
Vulnerability
A directory traversal vulnerability has been identified in Doom Launcher version 3.8.1.0. This issue arises from inadequate file path validation when extracting game files from RAR archives. As a result, file names containing relative paths can escape the intended extraction directory. Exploitation of this flaw allows attackers to place malicious files in sensitive locations, such as the Windows Startup folder, where they can be executed automatically upon the next system login.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running under the current user's privileges.
Reproduction
To reproduce this vulnerability, create a RAR archive containing a file with a relative path that includes directory traversal sequences, such as '../'. Then, load this archive using Doom Launcher 3.8.1.0. After the file is extracted, check the specified directories for the presence of the file, which should appear in an unintended location, such as the Startup folder. Restarting Windows will trigger the execution of the file, demonstrating the successful exploitation of the vulnerability.
Remediation
The vulnerability has been fixed in Doom Launcher version 3.8.2.0, which includes proper validation of file paths during the extraction process. Users should update to this version.
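As an added illustration of what validating file paths during extraction involves (this is not Doom Launcher's own code or its actual fix), the Python sketch below checks each archive entry name against the extraction root using Windows path rules. The root directory, the function names and the sample entry names are all constructed for the example.

```python
import ntpath  # Windows path rules, usable on any host OS

EXTRACT_ROOT = r"C:\Games\extract"  # constructed example directory

# Constructed entry names, as they might appear inside an archive.
SAMPLE_NAMES = [
    "maps/e1m1.wad",            # ordinary nested file
    "maps/../readme.txt",       # '..' that still stays inside the root
    "../../outside.txt",        # traversal with forward slashes
    r"mods\..\..\outside.txt",  # traversal hidden behind a real folder
    r"..\extract2\x.wad",       # sibling folder sharing the root's prefix
    r"D:\outside.txt",          # drive-qualified absolute path
    r"\outside.txt",            # rooted path on the current drive
]


def safe_destination(root, entry_name):
    """Return the full path an entry may be written to, or raise
    ValueError if the name would resolve outside root."""
    drive, rest = ntpath.splitdrive(entry_name)
    if drive or rest.startswith(("/", "\\")):
        raise ValueError(f"absolute or drive-qualified name: {entry_name!r}")
    root = ntpath.normpath(root)
    # normpath collapses '..' and converts '/' to '\', so both spellings
    # of a traversal sequence are resolved before the comparison.
    candidate = ntpath.normpath(ntpath.join(root, entry_name))
    # Compare against root plus a trailing separator so C:\Games\extract2
    # is not accepted as a child of C:\Games\extract. normcase lowercases
    # because Windows paths are case-insensitive.
    prefix = ntpath.normcase(root).rstrip("\\") + "\\"
    if not ntpath.normcase(candidate).startswith(prefix):
        raise ValueError(f"entry escapes extraction root: {entry_name!r}")
    return candidate


def audit(root, names):
    """Map each entry name to its safe destination, or None if rejected."""
    results = {}
    for name in names:
        try:
            results[name] = safe_destination(root, name)
        except ValueError:
            results[name] = None
    return results


if __name__ == "__main__":
    for name, dest in audit(EXTRACT_ROOT, SAMPLE_NAMES).items():
        print(f"{name!r:32} -> {dest or 'REJECTED'}")
```

The check is purely lexical: it does not resolve symlinks or junctions that already exist under the extraction root.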
