PT-2019-14044 · Valve · Steam Client

Publicado

2019-08-21

Atualizado

2020-08-24

CVE-2019-15315

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Valve Steam Client for Windows versions prior to 2019-08-16

Description The issue allows local users to escalate privileges to NT AUTHORITYSYSTEM. This is possible because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack a specific security patch.

Recommendations For versions prior to 2019-08-16, update to a version that includes the necessary security patch to prevent privilege escalation.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2019-15315

Produtos afetados

Steam Client

PT-2019-14044 · Valve · Steam Client

CVE-2019-15315

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3