CVE-2019-14737

HIGH

Ubisoft Uplay 92.0.0.6280 - Insecure Default Permissions

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14737. PoCs published by Kusol Watchara-Apanukorn.

AI-analyzed exploit summary This is a writeup describing a local privilege escalation vulnerability in Uplay 92.0.0.6280 due to insecure directory permissions. The proof of concept demonstrates how the directory permissions allow any user to replace executable files with malicious ones.

Description

Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.

Exploits (1)

exploitdb WRITEUP
by Kusol Watchara-Apanukorn · textlocalwindows
https://www.exploit-db.com/exploits/47493

This is a writeup describing a local privilege escalation vulnerability in Uplay 92.0.0.6280 due to insecure directory permissions. The proof of concept demonstrates how the directory permissions allow any user to replace executable files with malicious ones.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Uplay 92.0.0.6280
No auth needed
Prerequisites: Access to the local system · Ability to replace executable files in the vulnerable directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/47493

Scores

CVSS v3 7.8
EPSS 0.0166
EPSS Percentile 73.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (1)
ubisoft/uplay 92.0.0.6280
Published Oct 14, 2019
Tracked Since Feb 18, 2026