CVE-2018-4048

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Temp directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
TalosGOG GalaxyGog Galaxy 1.2.48.36 (Windows 64-bit Installer)affected

Weaknesses

  • Arbitrary Code Execution

ADP Enrichment

CVE Program Container

Additional References

References