An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
References
Link | Resource |
---|---|
https://github.com/secure-77/CVE-2022-31262 | Exploit Third Party Advisory |
https://secure77.de/category/subjects/researches/ | Exploit Third Party Advisory |
https://secure77.de/gog-galaxy-cve-2022-31262/ | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=Bgdbx5TJShI | Exploit Third Party Advisory |
https://github.com/secure-77/CVE-2022-31262 | Exploit Third Party Advisory |
https://secure77.de/category/subjects/researches/ | Exploit Third Party Advisory |
https://secure77.de/gog-galaxy-cve-2022-31262/ | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=Bgdbx5TJShI | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/secure-77/CVE-2022-31262 - Exploit, Third Party Advisory | |
References | () https://secure77.de/category/subjects/researches/ - Exploit, Third Party Advisory | |
References | () https://secure77.de/gog-galaxy-cve-2022-31262/ - Exploit, Third Party Advisory | |
References | () https://www.youtube.com/watch?v=Bgdbx5TJShI - Exploit, Third Party Advisory |
Information
Published : 2022-08-17 15:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31262
Mitre link : CVE-2022-31262
CVE.ORG link : CVE-2022-31262
JSON object : View
Products Affected
gog
- galaxy
CWE
CWE-281
Improper Preservation of Permissions