CVE-2019-15316

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation to NT AUTHORITY\SYSTEM via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition...

CVE-2019-15316

Affected product: Valve Steam Client for Windows (through 2019-08-20). The vulnerability is caused by weak folder permissions that enable a TOCTOU race condition, exploited via crafted use of CreateMountPoint.exe and SetOpLock.exe to escalate privileges to NT AUTHORITY\SYSTEM. Connected documents...