CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11827
https://notcve.org/view.php?id=CVE-2020-11827
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights. En GOG Galaxy versión 1.2.67, se presenta un servicio que es vulnerable a los permisos de archivos/servicios débiles: archivo GalaxyClientService.exe. Un atacante puede colocar un código malicioso en el archivo GalaxyClientService.exe de tipo caballo de Troya. • https://fatihhcelik.blogspot.com/2020/04/gog-galaxy-desktop-app-local-privilege.html https://www.gog.com/galaxy • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-7352 – GOG Galaxy GalaxyClientService Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7352
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). • https://github.com/szerszen199/PS-CVE-2020-7352 https://github.com/rapid7/metasploit-framework/pull/13444 https://www.positronsecurity.com/blog/2020-04-28-gog-galaxy-client-local-privilege-escalation • CWE-264: Permissions, Privileges, and Access Controls CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15511
https://notcve.org/view.php?id=CVE-2019-15511
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected. Se presenta una vulnerabilidad de escalada de privilegios local explotable en el GalaxyClientService instalado por GOG Galaxy. Debido a un control de acceso incorrecto, un atacante puede enviar paquetes TCP locales no autenticados al servicio para conseguir privilegios SYSTEM en el sistema Windows donde está instalado el software GOG Galaxy. • https://github.com/adenkiewicz/CVE-2019-15511 https://cqureacademy.com/cqure-labs/cqlabs-cve-2019-15511-broken-access-control-in-gog-galaxy https://support.gog.com/hc/en-us/articles/360025458833-GOG-GALAXY-2-0-updates-and-known-issues • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4053
https://notcve.org/view.php?id=CVE-2018-4053
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. Existe una vulnerabilidad de denegación de servicio (DoS) local explotable en la herramienta "helper" privilegiada de los juegos de GOG Galaxy, en su versión 1.2.47 para macOS. Un atacante puede enviar datos maliciosos al servicio de escucha root, haciendo que la aplicación se termine y deje de estar disponible. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0727 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4051
https://notcve.org/view.php?id=CVE-2018-4051
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories. Existe una vulnerabilidad de escalado de privilegios local explotable en la herramienta helper privilegiada de los juegos de GOG Galaxy, en su versión 1.2.47 para macOS. Un atacante puede crear directorios y subdirectorios a nivel global en el sistema de archivos root, además de cambiar los permisos de los directorios existentes. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725 • CWE-732: Incorrect Permission Assignment for Critical Resource •