Gog · Gog Galaxy · CVE-2022-31262
**Name of the Vulnerable Software and Affected Versions**
GOG Galaxy versions 2.0.46 through 2.0.51
**Description**
An exploitable local privilege escalation issue exists due to insufficient folder permissions. An attacker can hijack the `%ProgramData%\GOG.com` folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
**Recommendations**
For GOG Galaxy versions 2.0.46 through 2.0.51, consider restricting access to the GalaxyCommunication service to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the GalaxyCommunication service may prevent the issue, but this may affect the functionality of GOG Galaxy. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
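To check whether a host is exposed to the folder-permission condition described above, the following PowerShell audit lists write-capable access entries held by non-administrative principals on `%ProgramData%\GOG.com`, its subfolders, and the service executable. It is an added example, not vendor code; it assumes the service is registered under the name `GalaxyCommunication` as written in this advisory, and the list of trusted SIDs is an assumption to adjust for your environment.

```powershell
# Added example: audit ACLs relevant to CVE-2022-31262 (read-only, changes nothing).
# Assumption: the service's registered name matches the name used in the advisory.
$serviceName = 'GalaxyCommunication'
$folder      = Join-Path $env:ProgramData 'GOG.com'

# Principals expected to hold write access (assumption): SYSTEM, Administrators, TrustedInstaller.
$trusted = @('S-1-5-18', 'S-1-5-32-544',
             'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')

# Bits that allow planting or replacing files, plus GENERIC_ALL / GENERIC_WRITE,
# which appear as raw values on inherit-only entries.
$mask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }   # read/execute only
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }
        if ($trusted -notcontains $sid) {
            [pscustomobject]@{
                Path     = $Path
                Owner    = $acl.Owner          # a non-admin owner can rewrite the ACL
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

$targets = @()
if (Test-Path -LiteralPath $folder) {
    $targets += $folder
    $targets += (Get-ChildItem -LiteralPath $folder -Directory -Recurse -ErrorAction SilentlyContinue).FullName
}

# Resolve the executable the service actually launches and check it and its directory.
$svc = Get-CimInstance Win32_Service -Filter "Name='$serviceName'" -ErrorAction SilentlyContinue
if ($svc -and $svc.PathName -match '^\s*"?(.+?\.exe)') {
    $exe = $Matches[1]
    $targets += $exe, (Split-Path -Parent $exe)
}

$targets | Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Get-WeakAce -Path $_ } | Format-Table -AutoSize -Wrap
```

Any row returned identifies a path where a principal outside the trusted list can write, delete, or change permissions; an empty result means no such entry was found on the paths checked.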