PT-2019-10779 · Gog · Gog Galaxy

Published

2019-04-02

Updated

2022-06-07

CVE-2018-4049

CVSS v3.1

9.3

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GOG Galaxy version 1.2.48.36

Description A local privilege elevation issue exists in the file system permissions of the "Games" directory. This allows an attacker to overwrite executables of installed games, potentially leading to the execution of arbitrary code with elevated privileges.

Recommendations For version 1.2.48.36, consider restricting access to the "Games" directory to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor the directory for any suspicious changes to executables of installed games.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-4049

Affected Products

Gog Galaxy

PT-2019-10779 · Gog · Gog Galaxy

CVE-2018-4049

Weakness Enumeration

Related Identifiers

Affected Products

References · 3