Vulnerability Details CVE-2022-31262
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v3 Score 7.8
References
- https://github.com/secure-77/CVE-2022-31262
- https://secure77.de/category/subjects/researches/
- https://secure77.de/gog-galaxy-cve-2022-31262/
- https://www.youtube.com/watch?v=Bgdbx5TJShI
- https://github.com/secure-77/CVE-2022-31262
- https://secure77.de/category/subjects/researches/
- https://secure77.de/gog-galaxy-cve-2022-31262/
- https://www.youtube.com/watch?v=Bgdbx5TJShI