CVE-2018-4048 - An exploitable local privilege elevation vulnerability exists in the file system permissions of the

CVE-2018-4048

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0722

Vulnerable Configurations

cpe:2.3:a:gog:galaxy:1.2.48.36:*:*:*:*:*:*:*
cpe:2.3:a:gog:galaxy:1.2.48.36:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 07-06-2022 - 16:48)
Impact:
Exploitability:

CWE

CWE-668

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0722

Last major update

07-06-2022 - 16:48

Published

30-05-2019 - 17:29

Last modified

07-06-2022 - 16:48