CVE-2018-4048 - Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, gog, CWE-668

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| Application | Gog | 1 |

Common Weakness Enumeration (CWE)

Talos

id: TALOS-2018-0722
last seen: 2019-06-01
published: 2019-03-26
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0722
title: GOG Galaxy updater temp directory insecure file permissions local privilege elevation vulnerability