CVE-2022-31262 - Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46/2.0.51
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
References
- https://github.com/secure-77/CVE-2022-31262
- https://secure77.de/category/subjects/researches/
- https://secure77.de/gog-galaxy-cve-2022-31262/
- https://www.youtube.com/watch?v=Bgdbx5TJShI