Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gog | First view | 2019-04-02 |
| Product | Galaxy | Last view | 2022-08-17 |
| Version | 1.2.48.36 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gog:galaxy | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2022-08-17 | CVE-2022-31262 | An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM. |
| 7.8 | 2020-08-21 | CVE-2020-24574 | The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. |
| 8.8 | 2020-08-06 | CVE-2020-7352 | The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. |
| 7.8 | 2020-07-14 | CVE-2020-11827 | In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights. |
| 7.8 | 2019-11-21 | CVE-2019-15511 | An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected. |
| 7.8 | 2019-05-30 | CVE-2018-4048 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. |
| 7.8 | 2019-04-02 | CVE-2018-4049 | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games†directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (2) | CWE-798 | Use of Hard-coded Credentials |
| 28% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 14% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 14% (1) | CWE-306 | Missing Authentication for Critical Function |
| 14% (1) | CWE-281 | Improper Preservation of Permissions |
