PT-2015-7693 · Valve · Steam

Publicado

2015-11-24

Atualizado

2022-02-07

CVE-2015-7985

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Valve Steam version 2.10.91.91

Description The issue concerns weak permissions set for the Install folder, allowing local users to gain privileges through a Trojan horse steam.exe file. This is due to the folder having read and write permissions for all users.

Recommendations For Valve Steam version 2.10.91.91, consider restricting write access to the Install folder to prevent local users from modifying its contents, thereby mitigating the risk of privilege escalation via a Trojan horse steam.exe file.

Exploit

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2015-7985

Produtos afetados

Steam

PT-2015-7693 · Valve · Steam

CVE-2015-7985

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5