CVE-2024-57276
Published: 27 January 2025
Summary
CVE-2024-57276 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the 17.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
CM-6 requires establishing and enforcing secure configuration settings for services, including quoted executable paths and restrictive permissions on service registry keys to prevent unauthorized modification.
CM-5 restricts access to configuration changes, preventing low-privileged users from modifying the DAUpdaterSVC service executable path in the registry.
AC-6 enforces least privilege for system processes and accounts. Running the service with non-SYSTEM privileges where possible reduces the impact of privilege escalation even if the service path is hijacked.
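The two conditions CM-6 and CM-5 address can be audited together. The following PowerShell is an added example, not code from the advisory or from Electronic Arts: it reports Windows services (DAUpdaterSVC included, if installed) whose path is unquoted and contains a space, or whose registry key grants write access to a broad low-privileged group. The SID list and the output column names are choices made for this example.

```powershell
# Added audit example: read-only. Run from an elevated session so that
# every service key's ACL can be read.

# Well-known SIDs of broad, low-privileged groups (locale-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that allow changing values such as ImagePath, or the key's
# permissions or owner. FullControl and WriteKey include SetValue.
$R = [System.Security.AccessControl.RegistryRights]
$writeMask = [int]($R::SetValue -bor $R::ChangePermissions -bor $R::TakeOwnership)
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $path = $svc.PathName
    if (-not $path) { continue }

    # CWE-428 check: not quoted, and the executable part contains whitespace.
    $unquoted = $false
    if ($path -notmatch '^\s*"') {
        $exe = if ($path -match '^(.+?\.exe)(\s|$)') { $Matches[1] } else { $path }
        $unquoted = $exe.Trim() -match '\s'
    }
    # Permission check: Allow ACEs that give a broad group write access.
    $weak = @()
    $acl = Get-Acl -LiteralPath "$root\$($svc.Name)" -ErrorAction SilentlyContinue
    if ($acl) {
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $weak = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
                ([int]$rule.RegistryRights -band $writeMask)) { $broadSids[$sid] }
        }
    }
    if ($unquoted -or $weak) {
        [pscustomobject]@{
            Service      = $svc.Name
            RunsAs       = $svc.StartName
            UnquotedPath = $unquoted
            WeakKeyAcl   = ($weak | Select-Object -Unique) -join ', '
            PathName     = $path
        }
    }
}
$findings | Sort-Object Service | Format-Table -AutoSize -Wrap
```

A service that appears with `RunsAs` set to `LocalSystem` and either column populated matches the pattern described for this CVE; the corresponding fixes are a quoted `ImagePath` value and removal of the broad write entry from the key's ACL.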
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unquoted service path with weak registry/file permissions on a SYSTEM service directly enables local privilege escalation via executable path interception or service hijacking.
NVD Description
In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.
Deeper analysis
CVE-2024-57276 is an unquoted service path vulnerability affecting the DAUpdaterSVC service in Electronic Arts' Dragon Age: Origins version 1.05. The service is configured with insecure permissions that allow users to modify the executable file path it uses. Because the service runs with NT AUTHORITY\SYSTEM privileges, the flaw enables privilege escalation when attackers replace or place a malicious executable in the service path. The vulnerability is rated 7.3 on the CVSS v3.1 scale (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) and maps to CWE-428 (Unquoted Search Path or Element).
Local attackers with low privileges can exploit this vulnerability because attack complexity is low and no user interaction is required. By modifying the service's executable path to point to a malicious binary, they can escalate privileges to SYSTEM level, with high confidentiality and integrity impact and low availability impact. This allows full control over the affected system.
Details on the vulnerability, including reproduction steps, are available in researcher advisories at the provided references: https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md and https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Dragon%20Age%20Origins/Description.md. No official patches or mitigations from Electronic Arts are detailed in the available information.
Details
- CWE(s)