Brian Papile

**Name of the Vulnerable Software and Affected Versions** GalaxyClient version 2.0.28.9 **Description** The issue allows an attacker to potentially run code locally through unsigned DLL loading, as GalaxyClient loads unsigned DLLs such as `zlib1.dll`, `libgcc s dw2-1.dll`, and `libwinpthread-1.dll` from the system's PATH. **Recommendations** For GalaxyClient version 2.0.28.9, consider restricting the loading of unsigned DLLs to prevent potential code execution. As a temporary workaround, restrict access to the PATH to minimize the risk of exploitation.