Cancel

GOG Galaxy Desktop App | Local Privilege Escalation | CVE-2020-11827

Jun 4, 2020 2020-06-04T11:33:00+08:00 by Fatih Çelik

1 min

Vendor: https://www.gog.com/galaxy

Versions Affected: Prior to 1.2.67

Vulnerability: Local Privilege Escalation

Discoverer: Fatih Çelik

CVE: CVE-2020-11827

CVSS 3.x Base Score: 7.8 HIGH

Description:

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious service as a GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights.

Vulnerability Research

vulnerability research

This post is licensed under CC BY 4.0 by the author.

Recent Update

Missing IP Address Control in isPublic() Function Leads to SSRF Bypass PoC
Group Office CRM | Stored XSS via SVG File
Group Office CRM | SSRF
Division By Zero | Deark
NULL Pointer Dereference | Deark

GOG Galaxy Desktop App | Local Privilege Escalation | CVE-2020-11827

Further Reading

CMSUno 1.6.2 | RCE [Authenticated] (password.php) | CVE-2020-25557

Sentrifugo 3.2 | RCE [Authenticated] (announcements) | CVE-2020-26804

Sentrifugo 3.2 | RCE [Authenticated] (assets) | CVE-2020-26803

Trending Tags