CVE-2018-4048
GOG Galaxy 1.2.48.36 (Windows 64-bit Installer) contains a local privilege escalation in the Temp directory permissions. By default, the Temp path allows broad access, enabling an attacker to overwrite executables used by the Desktop Galaxy Updater and execute arbitrary code with SYSTEM privilege...