Vulnerability Description
An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/anvilsecure/gog-galaxy-app-research
- https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-
- https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?produ
- https://github.com/anvilsecure/gog-galaxy-app-research
- https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-
- https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?produ
FAQ
What is CVE-2023-50915?
CVE-2023-50915 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NT...
How severe is CVE-2023-50915?
CVE-2023-50915 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50915?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.