3 matches found
CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
GOG Galaxy Local Elevation of Privilege Vulnerability
GOG Galaxy is a game client program. The program is used to install, launch and update games. A security vulnerability exists in the file system permissions of the installation path in GOG Galaxy version 1.2.45.61. An attacker can exploit this vulnerability by overwriting an executable file to...
CVE-2018-5731
An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...