CVE-2023-50915

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service.

Existe un problema en GalaxyClientService.exe en GOG Galaxy (Beta) 2.0.67.2 a 2.0.71.2 que podría permitir a los usuarios autenticados sobrescribir y dañar archivos críticos del sistema a través de una combinación de una unión NTFS y un enlace simbólico del Administrador de objetos RPC y podría resultar en una denegación de servicio.

*Credits: N/A

CVSS Scores

CISAv3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-12-15 CVE Reserved
2024-04-30 CVE Published
2024-05-01 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://github.com/anvilsecure/gog-galaxy-app-research
https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md
https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-