CVE-2018-4048

Name of the Vulnerable Software and Affected Versions GOG Galaxy version 1.2.48.36

Description A local privilege elevation issue exists in the file system permissions of the Temp directory. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this issue and execute arbitrary code with SYSTEM privileges.

Recommendations For GOG Galaxy version 1.2.48.36, consider restricting access to the Temp directory to minimize the risk of exploitation. As a temporary workaround, avoid using the Desktop Galaxy Updater until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.