Vulnerabilities

CVE-2020-24574

by Fred · 20/08/2020

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.

Date published : 2020-08-20

https://github.com/jtesta/gog_galaxy_client_service_poc

https://www.gog.com/galaxy

Similar

Tags: Cybersecurity Alert