Galaxy Security Vulnerabilities and Issues — Galaxy CVE List

Lucene search

GogGalaxy

7 matches found

CVE•added 2020/08/21 4:15 a.m.•876 views

CVE-2020-24574

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into Ga...

7.8CVSS7.8AI score0.0018EPSS

CVE•added 2022/08/17 3:15 p.m.•682 views

CVE-2022-31262

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SY...

7.8CVSS7.8AI score0.00762EPSS

CVE•added 2020/07/14 6:15 p.m.•198 views

CVE-2020-11827

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privile...

7.8CVSS7.7AI score0.00029EPSS

CVE•added 2019/11/21 6:15 p.m.•182 views

CVE-2019-15511

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed...

7.8CVSS7.9AI score0.00534EPSS

CVE•added 2019/04/02 4:29 p.m.•48 views

CVE-2018-4051

An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.

7.1CVSS5.6AI score0.00077EPSS

CVE•added 2021/04/30 11:15 a.m.•47 views

CVE-2021-26807

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.

7.8CVSS7.6AI score0.00061EPSS

CVE•added 2019/04/01 7:29 p.m.•44 views

CVE-2018-4050

An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges.

7.8CVSS7.8AI score0.00076EPSS