admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-50914.md

19 lines
959 B
Markdown
Raw Normal View History

Update CVE sources 2024-05-28 08:49
2024-05-28 08:49:17 +00:00
### [CVE-2023-50914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50914)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.
### POC
#### Reference
- https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/
#### Github
- https://github.com/anvilsecure/gog-galaxy-app-research
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink