6 matches found
EUVD-2020-4167
Malware in sbrugna...
CVE-2020-11827
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her...
CVE-2023-50914
CVE-2023-50914 is a local privilege escalation in GOG Galaxy (Beta) IPC between GalaxyClient.exe and GalaxyClientService.exe. From 2.0.67.2 through 2.0.71.2, an authenticated user can forge IPC packets via FixDirectoryPrivileges, altering the DACL of arbitrary system directories to grant Everyone...
CVE-2023-50915
An issue exists in GalaxyClientService.exe in GOG Galaxy Beta 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service...
CVE-2023-50914
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...
CVE-2020-11827
The CVE-2020-11827 entry concerns GOG Galaxy 1.2.67, where GalaxyClientService.exe exposes weak file/service permissions that can be abused to escalate to SYSTEM privileges. According to the sources, an attacker could replace or tamper with the GalaxyClientService.exe and restart the service as a...