Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.
References
Link | Resource |
---|---|
https://amonitoring.ru/article/onemore_steam_eop_0day/ | Third Party Advisory |
https://habr.com/ru/company/pm/blog/464367/ | Third Party Advisory |
https://www.youtube.com/watch?v=I93aH86BUaE | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=ZCHrjP0cMew | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-21T19:36:06
Updated: 2019-08-21T19:36:06
Reserved: 2019-08-21T00:00:00
Link: CVE-2019-15316
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-21T20:15:12.930
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-15316
JSON object: View
Redhat Information
No data.