CVE-2018-15832

HIGH

Ubisoft Uplay - Improper Input Validation

Description

upc.exe in Ubisoft Uplay Desktop Client version 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.

Exploits (2)

exploitdb WORKING POC
by Che-Chun Kuo · text, remote, windows
https://www.exploit-db.com/exploits/45429
nomisec STUB
by anon135792408 · poc
https://github.com/anon135792408/Ubisoft-Uplay-Desktop-Client-63.0.5699.0

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45429/

Scores

CVSS v3 8.8
EPSS 0.0153
EPSS Percentile 81.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (1)
ubisoft/uplay 63.0.5699.0
Published Sep 20, 2018
Tracked Since Feb 18, 2026