PT-2024-14007 · Gog · Gog Galaxy

Published: 2024-04-08 · Updated: 2024-07-03 · CVE-2023-50915

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: GOG Galaxy (Beta) versions 2.0.67.2 through 2.0.71.2

Description: An issue exists in GalaxyClientService.exe that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link, resulting in a denial of service.

Recommendations: For versions 2.0.67.2 through 2.0.71.2, consider disabling GalaxyClientService.exe until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

CVE-2023-50915

Affected Products

Gog Galaxy