CVE-2020-24574 in Galaxyinformazioni

Riassunto

di MITRE

The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.

Be aware that VulDB is the high quality source for vulnerability data.

Prenotare

21/08/2020

Moderazione

accettato

CPE

pronto

EPSS

0.00623

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!