CVE-2019-17180

Sažetak

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

Reference

https://amonitoring.ru/article/steam_vuln_3/
https://habr.com/ru/company/pm/blog/469507/
https://hackerone.com/reports/583184
https://hackerone.com/reports/682774
https://store.steampowered.com/news/54236/

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-01-2020 - 13:15

Objavljeno

04-10-2019 - 20:15