Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
References
Link | Resource |
---|---|
https://amonitoring.ru/article/steam_vuln_3/ | Exploit Third Party Advisory |
https://habr.com/ru/company/pm/blog/469507/ | Exploit Third Party Advisory |
https://hackerone.com/reports/583184 | |
https://hackerone.com/reports/682774 | Exploit Third Party Advisory |
https://store.steampowered.com/news/54236/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-04T19:21:02
Updated: 2020-01-16T12:49:05
Reserved: 2019-10-04T00:00:00
Link: CVE-2019-17180
JSON object: View
NVD Information
Status : Modified
Published: 2019-10-04T20:15:11.377
Modified: 2020-01-16T13:15:11.690
Link: CVE-2019-17180
JSON object: View
Redhat Information
No data.
CWE