CVE-2018-3974
9.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GOG.COM | GOG Galaxy | Gog Galaxy 1.2.45.61 (Windows 64-bit Installer) | affected |
Weaknesses
- local privilege elevation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.