Valve: Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client
The vulnerability allows to create arbitrary file with some crafted text or append to existing file. Tested on actual version 5.31.28.21 SteamService.exe filevesion info. At start of the report I describe how to trigger vulnerability, than describe how to cause any consequences. How to trigger - ...