CVE-2022-31262

Published: Aug 17, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.

Affected (1)

Products: Gog: Galaxy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gog Galaxy	From 2.0.46 to 2.0.51

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (8)

https://github.com/secure-77/CVE-2022-31262

Source: cve@mitre.org

ExploitThird Party Advisory

https://secure77.de/category/subjects/researches/

Source: cve@mitre.org

ExploitThird Party Advisory

https://secure77.de/gog-galaxy-cve-2022-31262/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=Bgdbx5TJShI

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/secure-77/CVE-2022-31262

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://secure77.de/category/subjects/researches/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://secure77.de/gog-galaxy-cve-2022-31262/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.youtube.com/watch?v=Bgdbx5TJShI

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.