EIP-2026-117407

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117407. PoCs published by Vincent Yiu.

AI-analyzed exploit summary The exploit describes an insecure file permission vulnerability in the League of Legends screensaver, allowing an attacker to replace the service binary with a malicious one to achieve privilege escalation. The issue was resolved by the vendor, and the writeup provides a clear technical explanation of the vulnerability.

Description

League of Legends Screensaver - Insecure File Permissions Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Vincent Yiu · textlocalwindows

https://www.exploit-db.com/exploits/39903

View Code ZIP pw:eip

The exploit describes an insecure file permission vulnerability in the League of Legends screensaver, allowing an attacker to replace the service binary with a malicious one to achieve privilege escalation. The issue was resolved by the vendor, and the writeup provides a clear technical explanation of the vulnerability.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: League of Legends Screensaver (MD5 Hash: 0C1B02079CA8BF850D59DD870BC09963)

No auth needed

Prerequisites: Local access to the system · Insecure file permissions on the screensaver installation directory

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

League of Legends Screensaver - Insecure File Permissions Privilege Escalation

Exploitation Summary

Description

Exploits (1)

Details