CVE-2018-3974

HIGH

GOG Galaxy - Unauthenticated Local Privilege Escalation via Install Directory File Overwrite

Title source: llm
STIX 2.1

Description

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0640

Scores

CVSS v3 7.8
EPSS 0.0053
EPSS Percentile 40.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
gog/galaxy 1.2.45.61
Published Apr 02, 2019
Tracked Since Feb 18, 2026