9 matches found
CVE-2021-30481
CVE-2021-30481 affects Valve Steam (with Source engine) up to around April 2021. A buffer overflow triggered by a Steam invite after one click allows remote authenticated code execution, via the installed Source engine game. Public Red Hat, CNVD, CNNVD and other records corroborate the vulnerabil...
CVE-2019-17180
Summary: CVE-2019-17180 affects Valve Steam Client prior to 2019-09-12. The vulnerability allows placing or appending partially controlled filesystem content, demonstrated by file modifications on Windows under NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or ...
CVE-2019-14743
CVE-2019-14743 affects Valve Steam Client for Windows (through 2019-08-07). The root cause is insecure permissions in HKLM\SOFTWARE\Wow6432Node\Valve\Steam and Steam folders, where the Users group has explicit Full control, enabling local users to gain NT AUTHORITY\SYSTEM. Red Hat CVE entries cor...
CVE-2020-15530
Valve Steam Client 2.10.91.91 is affected by a local privilege-escalation issue in the installer. The vulnerability arises from weak permissions in parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam during a critical time window, which an attacker can extend using opportuni...
CVE-2019-15315
The CVE-2019-15315 entry concerns Valve Steam Client for Windows (up to 2019-08-16). Local attackers can achieve NT AUTHORITY\SYSTEM privilege escalation by replacing the SteamService.exe and SteamService.dll binaries with older, unpatched versions that bypassed CVE-2019-14743. Root cause is abus...
CVE-2015-7985
Valve Steam 2.10.91.91 has weak permissions on the Install folder (Users: read/write), enabling local privilege escalation via a trojan steam.exe. Affected component: Steam Install directory; root cause: improper file permissions. Impact: local privilege gain; exploitation details or in-wild stat...
CVE-2015-4016
The CVE-2015-4016 issue affects the Valve Steam client: the client-detection protocol is vulnerable to a crafted response to a broadcast packet, allowing remote attackers to crash the Steam process (DoS). The vulnerability is described across multiple sources (NVD entry and ZDI advisory) as a net...
CVE-2018-12270
Affected product: Valve Steam (1528829181 BETA). The vulnerability is a homograph/homoglyph attack that allows creating fake URLs in the Steam client, potentially fooling users into visiting unintended websites. Root cause details are not provided in the documents. Impact is described as user con...
CVE-2019-15316
Affected product: Valve Steam Client for Windows (through 2019-08-20). The vulnerability is caused by weak folder permissions that enable a TOCTOU race condition, exploited via crafted use of CreateMountPoint.exe and SetOpLock.exe to escalate privileges to NT AUTHORITY\SYSTEM. Connected documents...