VYPR

Galaxy

by Gog.com

CVEs (5)

  • CVE-2020-11827HigJul 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to…

  • CVE-2018-4048HigMay 30, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute…

  • CVE-2023-50914MedApr 30, 2024
    risk 0.44cvss 6.7epss 0.01

    A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the…

  • CVE-2023-50915MedApr 30, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a…

  • CVE-2018-4053MedApr 2, 2019
    risk 0.36cvss 5.5epss 0.00

    An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable.