CVE-2024-11872 is a local privilege escalation vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting the Epic Games Launcher version 16.6.0-33806133. The vulnerability stems from the installer applying overly permissive default permissions to a sensitive folder on the system. This misconfiguration allows a local attacker who already has the ability to execute code with low privileges to escalate their privileges to SYSTEM level by manipulating files or resources within this folder. The escalation to SYSTEM privileges enables the attacker to execute arbitrary code with the highest system privileges, potentially compromising the entire system's confidentiality, integrity, and availability. The vulnerability does not require user interaction but does require the attacker to have some initial code execution capability on the target machine. The CVSS v3.0 score of 7.8 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and limited privileges required. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the widespread use of the Epic Games Launcher in gaming environments. The flaw was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24329 and publicly disclosed on December 11, 2024. No official patches or updates were linked at the time of disclosure, emphasizing the need for immediate mitigation steps by users and organizations.

The primary impact of CVE-2024-11872 is the potential for local attackers to escalate privileges from a low-privileged user context to SYSTEM level on affected machines. This can lead to full system compromise, allowing attackers to install persistent malware, steal sensitive data, modify system configurations, or disrupt system operations. For organizations, this vulnerability can undermine endpoint security, especially in environments where users have local access but limited privileges. Gaming PCs and workstations running the vulnerable Epic Games Launcher version are at risk, which could be leveraged as a foothold for broader network attacks or lateral movement within corporate or home networks. The high CVSS score indicates a serious threat to confidentiality, integrity, and availability. Although exploitation requires initial code execution, the ease of privilege escalation makes this vulnerability particularly dangerous if combined with other attack vectors. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation, especially given the popularity of the affected software.

1. Immediately update the Epic Games Launcher to a version where this vulnerability is patched once available from Epic Games. Monitor official channels for patch releases. 2. Until a patch is available, restrict local user permissions and limit the ability to execute arbitrary code on systems running the Epic Games Launcher. 3. Employ application whitelisting and endpoint protection solutions to detect and block unauthorized code execution attempts. 4. Regularly audit folder permissions related to the Epic Games Launcher installation directory and correct any overly permissive settings manually if feasible. 5. Use least privilege principles for user accounts on gaming and workstation systems to minimize the impact of potential exploitation. 6. Monitor system logs and security alerts for suspicious activity indicative of privilege escalation attempts. 7. Educate users about the risks of running untrusted code or scripts that could be leveraged to gain initial low-level code execution. 8. Consider isolating gaming environments from critical corporate networks to reduce lateral movement risk.