CVE-2018-4048
9.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Temp directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Talos | GOG Galaxy | Gog Galaxy 1.2.48.36 (Windows 64-bit Installer) | affected |
Weaknesses
- Arbitrary Code Execution
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.