PT-2019-14045 · Valve · Valve Steam Client

Publicado

2019-08-21

Atualizado

2020-08-24

CVE-2019-15316

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Valve Steam Client for Windows versions through 2019-08-20

Description The issue is related to weak folder permissions, which can lead to privilege escalation to NT AUTHORITYSYSTEM. This can be achieved through crafted use of CreateMountPoint.exe and SetOpLock.exe by leveraging a Time-of-Check-to-Time-of-Use (TOCTOU) race condition.

Recommendations For versions through 2019-08-20, update to a version released after 2019-08-20 to resolve the issue.

Exploit

Correção

Incorrect Permission

Time Of Check To Time Of Use

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732CWE-367

Identificadores relacionados

CVE-2019-15316

Produtos afetados

Valve Steam Client

PT-2019-14045 · Valve · Valve Steam Client

CVE-2019-15316

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6