DLL Hijacking Vulnerability in GalaxyClient by GOG
CVE-2021-26807
7.8HIGH
What is CVE-2021-26807?
GalaxyClient version 2.0.28.9 is susceptible to a DLL hijacking flaw due to its ability to load unsigned Dynamic Link Libraries (DLLs) from the PATH environment variable. Attackers could exploit this vulnerability to execute arbitrary code locally by tricking the application into loading malicious DLLs such as zlib1.dll, libgcc_s_dw2-1.dll, and libwinpthread-1.dll. This vulnerability poses significant risks to the security of systems running this version of GalaxyClient, potentially allowing unauthorized access or control.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved