4 matches found
CVE-2020-7352
CVE-2020-7352 context : The GalaxyClientService in GOG Galaxy runs as SYSTEM on Windows. It ships with an embedded, static RSA private key and listens on localhost:9978, enabling a local attacker with user privileges to execute OS commands in elevated context via crafted inputs. The issue affects...
CVE-2020-7352
creationtimestamp| type| source ---|---|--- 2020-06-15 14:42:43+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/goggalaxyclientserviceprivesc.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...
GOG GalaxyClientService Privilege Escalation Exploit
This Metasploit module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current...
GOG GalaxyClientService Privilege Escalation
This module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current source:...