An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
References
Link | Resource |
---|---|
https://github.com/secure-77/CVE-2022-31262 | Exploit Third Party Advisory |
https://secure77.de/category/subjects/researches/ | Exploit Third Party Advisory |
https://secure77.de/gog-galaxy-cve-2022-31262/ | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=Bgdbx5TJShI | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-08-17 15:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-31262
Mitre link : CVE-2022-31262
CVE.ORG link : CVE-2022-31262
JSON object : View
Products Affected
gog
- galaxy
CWE
CWE-281
Improper Preservation of Permissions