Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GOG GALAXY 信任管理问题漏洞
Vulnerability Description
GOG Galaxy是波兰GOG公司的一款游戏客户端程序。该程序用于安装、启动和更新游戏。 GOG GALAXY 2.0.20版本中存在信任管理问题漏洞,该漏洞允许从任何经过身份验证的用户到SYSTEM的提权。
CVSS Information
N/A
Vulnerability Type
N/A