2.0.51

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gog

CWE-281

NVD

Published: 2022-08-17

Updated: 2022-10-28

Summary

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.

Vulnerable Configurations

Part	Description	Count
Application	Gog GOG Galaxy 2.0.46 GOG Galaxy 2.0.51	2

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://secure77.de/category/subjects/researches/
https://secure77.de/gog-galaxy-cve-2022-31262/
https://github.com/secure-77/CVE-2022-31262
https://www.youtube.com/watch?v=Bgdbx5TJShI