CVE-2020-24574 in Galaxyالمعلومات

الملخص

بحسب MITRE

The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.

Be aware that VulDB is the high quality source for vulnerability data.

حجز

21/08/2020

الاعتدال

تمت الموافقة

إدخال

VDB-160093

EPSS

0.00623

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to know what is going to be exploited?

We predict KEV entries!