Lucene search
MitreCVELIST:CVE-2023-50914HistoryApr 30, 2024 - 12:00 a.m.
CVE-2023-50914
2024-04-3000:00:00
mitre
www.cve.org
2
inter-process communication
gog galaxy
privilege escalation
authenticated users
dacl
arbitrary system directories
fixdirectoryprivileges
galaxyclient.exe
galaxyclientservice.exe
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.
References
github.com/anvilsecure/gog-galaxy-app-research
github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50914%20-%20LPE.md
support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog
www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/
Related
vulnrichment
vulnrichment
CVE-2023-50914
2024-04-30 00:00:00
cve
cve
CVE-2023-50914
2024-04-30 14:15:10
nvd
nvd
CVE-2023-50914
2024-04-30 14:15:10