cve/CVE-2023-50914.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.

POC

Reference

https://github.com/anvilsecure/gog-galaxy-app-research
https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50914%20-%20LPE.md
https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/

Github

https://github.com/anvilsecure/gog-galaxy-app-research
https://github.com/fkie-cad/nvd-json-data-feeds

1.1 KiB Raw Blame History

CVE-2023-50914

Description

POC

Reference

Github

1.1 KiB

Raw Blame History