CVE-2021-26807

Description:
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.

CWE: CWE-426

CVSS score
CVSS 2: MEDIUM – 4.4 (Version: 2.0)
CVSS 3: HIGH – 7.8 (Version: 3.1)

Links:

NVD – CVE-2021-26807
CVE – CVE-2021-26807

Link (max. 20) Source Tags
https://illuminati.services/2021/04/29/cve-2021-26807-gog-galaxy-v2-0-35-dll-load-order-hijacking/ MISC Exploit Third Party Advisory Third Party Advisory
https://www.gog.com MISC Vendor Advisory Third Party Advisory
https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1 MISC Exploit Third Party Advisory Third Party Advisory
https://grafana.com/docs/metrics-enterprise/ MISC Product Vendor Advisory

Source: NVD – CVE-2021-26807
Published: 2021-04-30T11:15Z, Last modified: 2021-05-12T12:26Z