CVE-2022-31262
17.08.2022, 15:15
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.Enginsight
Vendor | Product | Version |
---|---|---|
gog | galaxy | 2.0.46 ≤ 𝑥 ≤ 2.0.51 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References