CVE-2018-4049

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.

Affected Software

VendorProductVersion RangeStatus
GOG.COMGOG GalaxyGog Galaxy 1.2.48.36 (Windows 64-bit Installer)affected

Weaknesses

  • local privilege elevation

ADP Enrichment

CVE Program Container

Additional References

References