An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
References
Link | Resource |
---|---|
https://github.com/secure-77/CVE-2022-31262 | Exploit Third Party Advisory |
https://secure77.de/category/subjects/researches/ | Exploit Third Party Advisory |
https://secure77.de/gog-galaxy-cve-2022-31262/ | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=Bgdbx5TJShI | Exploit Third Party Advisory |
Configurations
History
28 Oct 2022, 13:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gog:galaxy:*:*:*:*:*:windows:*:* | |
References | (MISC) https://github.com/secure-77/CVE-2022-31262 - Exploit, Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=Bgdbx5TJShI - Exploit, Third Party Advisory |
24 Aug 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Aug 2022, 19:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gog:galaxy:2.0.46:*:*:*:*:windows:*:* | |
References | (MISC) https://secure77.de/category/subjects/researches/ - Exploit, Third Party Advisory | |
References | (MISC) https://secure77.de/gog-galaxy-cve-2022-31262/ - Exploit, Third Party Advisory | |
CWE | CWE-281 | |
First Time |
Gog galaxy
Gog |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
17 Aug 2022, 15:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-17 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-31262
Mitre link : CVE-2022-31262
CVE.ORG link : CVE-2022-31262
JSON object : View
Products Affected
gog
- galaxy
CWE
CWE-281
Improper Preservation of Permissions