CVE-2020-11827
N/A
N/A
Summary
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.gog.com/galaxy
- https://fatihhcelik.blogspot.com/2020/04/gog-galaxy-desktop-app-local-privilege.html
References
- https://www.gog.com/galaxy
- https://fatihhcelik.blogspot.com/2020/04/gog-galaxy-desktop-app-local-privilege.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.