Back

CVE-2023-50914

April 30, 2024, 5:52 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GOG Galaxy (Beta)

  • 2.0.67.2
  • 2.0.71.2

Source

cve@mitre.org

Tags

CVE-2023-50914 details

Published : April 30, 2024, 2:15 p.m.
Last Modified : April 30, 2024, 5:52 p.m.

Description

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/anvilsecure/gog-galaxy-app-research cve@mitre.org
https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50914%20-%20LPE.md cve@mitre.org
https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog cve@mitre.org
https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/ cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.