PT-2015-7693 · Valve · Steam

Published

2015-11-24

Updated

2022-02-07

CVE-2015-7985

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Valve Steam version 2.10.91.91

Description The issue concerns weak permissions set for the Install folder, allowing local users to gain privileges through a Trojan horse steam.exe file. This is due to the folder having read and write permissions for all users.

Recommendations For Valve Steam version 2.10.91.91, consider restricting write access to the Install folder to prevent local users from modifying its contents, thereby mitigating the risk of privilege escalation via a Trojan horse steam.exe file.

Exploit

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2015-7985

Affected Products

Steam

PT-2015-7693 · Valve · Steam

CVE-2015-7985

Weakness Enumeration

Related Identifiers

Affected Products

References · 5