PT-2019-14234 · Gog · Gog Galaxy

Adrian Denkiewicz · Published 2019-11-21 · Updated 2021-07-21 · CVE-2019-15511

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
GOG Galaxy versions prior to 1.2.60
GOG Galaxy 2.0 Beta versions prior to the version that includes the fix for this issue

Description
A local privilege escalation issue exists due to improper access control in the GalaxyClientService installed by GOG Galaxy, allowing an attacker to send unauthenticated local TCP packets and gain SYSTEM privileges on a Windows system with GOG Galaxy installed.

Recommendations
For GOG Galaxy versions prior to 1.2.60, update to version 1.2.60 or later. For GOG Galaxy 2.0 Beta, wait for an updated version that includes the fix for this issue and apply it as soon as it becomes available. As a temporary workaround, consider restricting access to the GalaxyClientService to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-15511

Affected Products

Gog Galaxy