Gog: Security Vulnerabilities
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.
CVSS Score
9.3
EPSS Score
0.001
Published
2019-04-02
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-04-02
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user.
CVSS Score
6.2
EPSS Score
0.001
Published
2019-04-02
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable.
CVSS Score
6.2
EPSS Score
0.001
Published
2019-04-02
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-04-01
Page 2