CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 3CVE-2021-30481
https://notcve.org/view.php?id=CVE-2021-30481
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. Valve Steam hasta el 10-04-2021, cuando un juego del motor de Origen es instalado, permite a usuarios autenticados remotos ejecutar código arbitrario debido a un desbordamiento del búfer que ocurre para una invitación de Steam después de un clic • https://github.com/floesen/CVE-2021-30481 https://news.ycombinator.com/item?id=26762170 https://twitter.com/floesen_/status/1337107178096881666 https://twitter.com/the_secret_club/status/1380868759129296900 https://www.youtube.com/watch?v=rNQn--9xR1Q • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15530
https://notcve.org/view.php?id=CVE-2020-15530
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks. Se detectó un problema en Valve Steam Client 2.10.91.91. El instalador permite a usuarios locales obtener privilegios NT AUTHORITY\SYSTEM porque algunas partes de %PROGRAMFILES(X86)%\Steam y/o %COMMONPROGRAMFILES(X86)%\Steam presentan permisos débiles durante una ventana de tiempo crítica. • http://daniels-it-blog.blogspot.com/2020/07/steam-arbitrary-code-execution-part-2.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2019-17180
https://notcve.org/view.php?id=CVE-2019-17180
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact. Valve Steam Client antes del 12-09-2019, permite colocar o agregar contenido del sistema de archivos parcialmente controlado, como es demostrado por las modificaciones de archivos en Windows en el contexto de NT AUTHORITY\SYSTEM. Esto podría conllevar a la denegación de servicio, elevación de privilegios u otro impacto no especificado. • https://amonitoring.ru/article/steam_vuln_3 https://habr.com/ru/company/pm/blog/469507 https://hackerone.com/reports/583184 https://hackerone.com/reports/682774 https://store.steampowered.com/news/54236 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2019-15316
https://notcve.org/view.php?id=CVE-2019-15316
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. Valve Steam Client para Windows hasta 2019-08-20 tiene permisos de carpeta débiles, lo que lleva a la escalada de privilegios (a NT AUTHORITY \ SYSTEM) mediante el uso diseñado de CreateMountPoint.exe y SetOpLock.exe para aprovechar una condición de carrera TOCTOU. • https://amonitoring.ru/article/onemore_steam_eop_0day https://habr.com/ru/company/pm/blog/464367 https://www.youtube.com/watch?v=I93aH86BUaE https://www.youtube.com/watch?v=ZCHrjP0cMew • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15315
https://notcve.org/view.php?id=CVE-2019-15315
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. Valve Steam Client para Windows hasta 2019-08-16 permite la escalada de privilegios (a NT AUTHORITY \ SYSTEM) porque los usuarios locales pueden reemplazar las versiones actuales de SteamService.exe y SteamService.dll con versiones anteriores que carecen del parche CVE-2019-14743. • https://xiaoyinl.github.io/steam_EoP_bypass.html • CWE-732: Incorrect Permission Assignment for Critical Resource •