CVE-2018-3974

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.

Affected Software

VendorProductVersion RangeStatus
GOG.COMGOG GalaxyGog Galaxy 1.2.45.61 (Windows 64-bit Installer)affected

Weaknesses

  • local privilege elevation

ADP Enrichment

CVE Program Container

Additional References

References