“An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges,” according to Cisco. This enables all users to read, write or modify arbitrary files related to the GOG Galaxy Updater Service. The issue is that GOG Galaxy extracts the executables for the automatic update function in a directory by default, allowing anyone on the system to have full control. The flaw (CVE-2018-4048) exists in the file system permissions of GOG Galaxy’s “temp” directory, which is where games that users are downloading go until they have been fully downloaded. The two most serious vulnerabilities are an exploitable local privilege escalation vulnerability (CVE-2018-4048) in the file system permissions of GOG Galaxy’s “temp” directory, and a exploitable local privilege elevation vulnerability (CVE-2018-4049) in the file system permissions of GOG Galaxy’s “games” directory. A patch is available and users are encouraged to update as soon as possible. GOG, short for “Good Old Games,” has emerged as a popular alternative for Steam by offering older games not typically available on digital PC marketplaces. GOG Galaxy, version 1.2.48.36, is impacted. “As they all come from different functions, there is no one, clear workaround and they can only be fixed through this patch.” “Users are encouraged to update to the latest version of GOG Galaxy Games here as soon as possible in order to avoid these vulnerabilities,” said Talos researchers in a Tuesday post. The researchers assert that the GOG Galaxy video game launcher contains six flaws that could allow a malicious actor to carry out a variety of attacks – including two critical vulnerabilities enabling an attacker to execute arbitrary code with system privileges. GOG Galaxy Games, a popular video game digital distribution platform that enables users to purchase new games and launch them from their desktop, is riddled with vulnerabilities, according to researchers at Cisco Talos.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |