CVE-2019-14737
Description
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Ubisoft/Uplay
Patches
Vulnerability mechanics
Root cause
"Insecure directory permissions grant `BUILTIN\Users` full control over the Uplay installation folder, allowing any local user to replace executables."
Attack vector
A local attacker with a standard user account can replace an executable file inside the Uplay installation directory because `BUILTIN\Users` has been granted full control (`(F)`) permissions on the folder [ref_id=1]. By placing a malicious executable in place of a legitimate one, the attacker can achieve privilege escalation when the file is executed by a higher-privileged process or user.
Affected code
The installation directory `C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher` is affected. The vulnerability is a permission misconfiguration on this folder, not a specific code function.
What the fix does
The advisory states that the vendor released a patched version on 18 September 2019 [ref_id=1]. The fix likely involves restricting the folder permissions so that `BUILTIN\Users` no longer has full control, limiting standard users to read-and-execute access only. No patch diff is available in the bundle.
Preconditions
- auth: Attacker must have local access as a standard (non-admin) user on the Windows system.
- config: The Uplay installation must be at version 92.0.0.6280 or earlier (unpatched).
Reproduction
1. Open a command prompt as a standard user.
2. Run `icacls "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher"` to confirm that `BUILTIN\Users:(F)` is present.
3. Replace any executable in that directory with a malicious binary (e.g., rename the original and copy in an attacker-controlled file).
4. When the launcher or a game triggers that executable, the malicious code runs with the privileges of the invoking process.
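A defender-side check for the misconfiguration described above, added here as an example and not taken from the advisory or the vendor: it parses `icacls` output for the installation folder and reports allow entries that give low-privileged principals write-type rights. The function name, the list of principals (English group names) and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: principals treated as "any local standard user" (English names).
LOW_PRIV = {"builtin\\users", "everyone", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls right codes that let the holder create, overwrite, delete or re-ACL files.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "DC", "DE", "WDAC", "WO", "GA", "GW"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]+\))+)$")

def risky_aces(icacls_output, path):
    """Return (principal, rights, inherit_only) for each allow-ACE that gives a
    low-privileged principal write-type access, from `icacls <path>` output."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):   # first line: "<path> <ACE>"
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                                    # blank line or summary line
            continue
        groups = re.findall(r"\(([^()]+)\)", m.group("groups"))
        if "DENY" in groups:                         # deny ACEs grant nothing
            continue
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS:               # e.g. "F" or "RX,W"
                rights.update(r.strip() for r in g.split(","))
        hit = rights & WRITE_RIGHTS
        if hit and m.group("who").lower() in LOW_PRIV:
            findings.append((m.group("who"), sorted(hit), "IO" in groups))
    return findings

# Constructed sample output (not captured from a real host).
UPLAY_DIR = r"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher"
SAMPLE = UPLAY_DIR + r""" BUILTIN\Users:(F)
    BUILTIN\Users:(OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
    BUILTIN\Administrators:(I)(OI)(CI)(F)
    BUILTIN\Users:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights, inherit_only in risky_aces(SAMPLE, UPLAY_DIR):
        scope = "children only" if inherit_only else "this folder"
        print(f"{who}: {','.join(rights)} ({scope})")
```

An empty result for the folder means no listed principal holds write-type rights there; on localized Windows installs the group names differ, so `LOW_PRIV` needs the local equivalents.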
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] www.exploit-db.com/exploits/47493 (mitre, exploit, x_refsource_EXPLOIT-DB)