Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GogGalaxy*

7 matches found

CVE
CVEadded 2020/08/21 4:15 a.m.876 views

CVE-2020-24574

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into Ga...

7.8CVSS7.8AI score0.0018EPSS
CVE
CVEadded 2022/08/17 3:15 p.m.682 views

CVE-2022-31262

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SY...

7.8CVSS7.8AI score0.00762EPSS
CVE
CVEadded 2020/07/14 6:15 p.m.198 views

CVE-2020-11827

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privile...

7.8CVSS7.7AI score0.00029EPSS
CVE
CVEadded 2020/08/06 4:15 p.m.191 views

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the s...

8.8CVSS8.7AI score0.13192EPSS
CVE
CVEadded 2019/11/21 6:15 p.m.182 views

CVE-2019-15511

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed...

7.8CVSS7.9AI score0.00534EPSS
CVE
CVEadded 2024/04/30 2:15 p.m.46 views

CVE-2023-50915

An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service.

6.5CVSS6.6AI score0.00207EPSS
CVE
CVEadded 2024/04/30 2:15 p.m.38 views

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction ...

6.7CVSS6.9AI score0.00058EPSS