Vulnerabilities > CVE-2018-4048 - Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

gog

CWE-668

NVD

Published: 2019-05-30

Updated: 2022-06-07

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gog GOG Galaxy 1.2.48.36	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Talos

id	TALOS-2018-0722
last seen	2019-06-01
published	2019-03-26
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0722
title	GOG Galaxy updater temp directory insecure file permissions local privilege elevation vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0722