CVE-2022-31262 Information

Description

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file resulting in code execution as SYSTEM.

Reference

https://secure77.de/category/subjects/researches/ https://secure77.de/gog-galaxy-cve-2022-31262/