Today > 1 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-50914

April 30, 2024, 5:52 p.m.

Tags

Product(s) Impacted

GOG Galaxy (Beta)

  • 2.0.67.2
  • 2.0.71.2

Description

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.

Weaknesses

Date

Published: April 30, 2024, 2:15 p.m.

Last Modified: April 30, 2024, 5:52 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References