CVE-2014-5453

Ubisoft Uplay PC < 4.6.1.3217 - Privilege Escalation via Weak Installation Directory Permissions

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5453. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit details an insecure file permissions vulnerability in Ubisoft Uplay 4.6, where the 'Everyone' group has full control over executable files in the 'Ubisoft Game Launcher' directory, allowing local privilege escalation by replacing executables with malicious binaries.

Description

Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by LiquidWorm · textlocalwindows
https://www.exploit-db.com/exploits/33961

The exploit details an insecure file permissions vulnerability in Ubisoft Uplay 4.6, where the 'Everyone' group has full control over executable files in the 'Ubisoft Game Launcher' directory, allowing local privilege escalation by replacing executables with malicious binaries.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Ubisoft Uplay 4.6.3208 and 4.5.2.3010
No auth needed
Prerequisites: Local access to the system · Ubisoft Uplay installed with vulnerable permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/108726
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33961

Scores

EPSS 0.0103
EPSS Percentile 59.3%

Details

CWE
CWE-264
Status published
Products (2)
ubi/uplay_pc 4.5.2.3010
ubi/uplay_pc < 4.6.3208
Published Aug 25, 2014
Tracked Since Feb 18, 2026