Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/536961/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
Configurations
History
07 Feb 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
First Time |
Valvesoftware steam Client
Valvesoftware |
|
CPE | cpe:2.3:a:valvesoftware:steam_client:2.10.91.91:*:*:*:*:*:*:* | |
References | (MISC) http://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.html - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/536961/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2015-11-24 20:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-7985
Mitre link : CVE-2015-7985
CVE.ORG link : CVE-2015-7985
JSON object : View
Products Affected
valvesoftware
- steam_client
CWE
CWE-276
Incorrect Default Permissions