CVE-2020-24574 in Galaxy
Riassunto
di MITRE
The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.
Be aware that VulDB is the high quality source for vulnerability data.