Local Privilege Escalation Vulnerability in GOG GALAXY Client
CVE-2020-24574

7.8 HIGH

Key Information:

Vendor: Gog

Status
Vendor
CVE Published: 21 August 2020

What is CVE-2020-24574?

The GOG GALAXY client (GalaxyClientService.exe) contains a local privilege escalation vulnerability that allows any authenticated user to elevate their privileges to SYSTEM by manipulating the Windows service into running arbitrary commands. The flaw is that an attacker can inject a DLL into GalaxyClient.exe and thereby bypass the TCP-based 'trusted client' protection mechanism.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
