Back to search
CVE-2022-31262
Published: Aug 17, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://secure77.de/category/subjects/researches/
x_refsource_MISC
https://secure77.de/gog-galaxy-cve-2022-31262/
x_refsource_MISC
https://github.com/secure-77/CVE-2022-31262
x_refsource_MISC
https://www.youtube.com/watch?v=Bgdbx5TJShI
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now