# Exploit Title: League of Legends Screensaver Insecure File Permissions Privilege Escalation # CVE-ID: NA # Date: 13/04/2016 # Exploit Author: Vincent Yiu # Contact: vysec.private@gmail.com # Vendor Homepage: http://www.leagueoflegends.com # Software Link: screensaver.euw.leagueoflegends.com/en_US # Version: MD5 Hash: 0C1B02079CA8BF850D59DD870BC09963 # Tested on: Windows 7 Professional x64 fully updated. 1. Description: The League of Legends screensaver was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary. This was reported to Riot Games and has been rectified in the latest version. 2. Proof http://i.imgur.com/5fVijDK.png 3. Exploit: Replace service.exe in 'C:\Riot Games\LolScreenSaver\service' to run service.exe as SYSTEM. This is released on exploit-db as a means to make users aware. There was no way to automatically install a patch or update to fix this issue. It is recommended that the screensaver is uninstalled and redownloaded from the official website where this issue is now resolved.