CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50914
https://notcve.org/view.php?id=CVE-2023-50914
30 Apr 2024 — A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe. Un problema de escalada de privilegios en el procedimiento de comunicación entre procesos desde GOG Galaxy (Beta) 2.0.67.2 hasta v2.0.71.2 permite ... • https://github.com/anvilsecure/gog-galaxy-app-research • CWE-279: Incorrect Execution-Assigned Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50915
https://notcve.org/view.php?id=CVE-2023-50915
30 Apr 2024 — An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service. Existe un problema en GalaxyClientService.exe en GOG Galaxy (Beta) 2.0.67.2 a 2.0.71.2 que podría permitir a los usuarios autenticados sobrescribir y dañar archivos críticos del sistema a través de una combinación de un... • https://github.com/anvilsecure/gog-galaxy-app-research •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2022-31262
https://notcve.org/view.php?id=CVE-2022-31262
17 Aug 2022 — An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM. Se presenta una vulnerabilidad de escalada de privilegios local explotable en GOG Galaxy versión 2.0.46. Debido a permisos insuficientes de la carpeta, un atacante puede secuestrar la estructura de la carpet... • https://github.com/secure-77/CVE-2022-31262 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-26807
https://notcve.org/view.php?id=CVE-2021-26807
30 Apr 2021 — GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. GalaxyClient versión 2.0.28.9, carga archivos DLL sin firmar como las bibliotecas zlib1.dll, libgcc_s_dw2-1.dll y libwinpthread-1.dll a partir de PATH, lo que permite a un atacante potencialmente ejecutar código de forma local por medio de una carga de DLL sin firmar. • https://illuminati.services/2021/04/29/cve-2021-26807-gog-galaxy-v2-0-35-dll-load-order-hijacking • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-24574
https://notcve.org/view.php?id=CVE-2020-24574
21 Aug 2020 — The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. El cliente (también conocido como GalaxyClientService.exe) en GOG GALAXY a través de la versión 2.0.41 (a partir de las 12:58 AM del e... • https://github.com/jtesta/gog_galaxy_client_service_poc • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11827
https://notcve.org/view.php?id=CVE-2020-11827
14 Jul 2020 — In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights. En GOG Galaxy versión 1.2.67, se presenta un servicio que es vulnerable a los permisos de archivos/servicios débiles: archivo GalaxyClientService.exe. Un ata... • https://fatihhcelik.blogspot.com/2020/04/gog-galaxy-desktop-app-local-privilege.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15528
https://notcve.org/view.php?id=CVE-2020-15528
05 Jul 2020 — An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks. Se detectó un problema en GOG Galaxy Client versión 2.0.17. Una escalada local de privilegios es posible cuando un usuario inicia o desinstala un juego debido a permisos de archivos débiles y a una falta de comprobaciones de integridad de archivos • http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-escalation-of-privileges.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15529
https://notcve.org/view.php?id=CVE-2020-15529
05 Jul 2020 — An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks. Se detectó un problema en GOG Galaxy Client versión 2.0.17. Una escalada local de privilegios es posible cuando un usuario instala un juego o realiza una operación de verificación y reparación. • http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-escalation-of-privileges.html • CWE-667: Improper Locking CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-7352 – GOG Galaxy GalaxyClientService Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7352
15 Jun 2020 — The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This ... • https://github.com/szerszen199/PS-CVE-2020-7352 • CWE-264: Permissions, Privileges, and Access Controls CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15511
https://notcve.org/view.php?id=CVE-2019-15511
21 Nov 2019 — An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected. Se presenta una vulnerabilidad de escalada de privilegios local explotable en el GalaxyClientService inst... • https://github.com/adenkiewicz/CVE-2019-15511 • CWE-306: Missing Authentication for Critical Function •