GOG Galaxy 2.0.46 Local Privilege Escalation Vulnerability

GOG Galaxy 2.0.46 Local Privilege Escalation Vulnerability

CVE-2022-31262 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.

Learn more about our Web Application Penetration Testing UK.