This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected).
838d647668cc088d77656589096800f2021592f3069d7864d56f5dacf3b71773