CVE-2018-3974

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt