CVE-2019-17180
Summary
| CVE | CVE-2019-17180 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-04 20:15:00 UTC |
| Updated | 2020-01-16 13:15:00 UTC |
| Description | Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Valvesoftware | Steam Client | All | All | All | All |
| Application | Valvesoftware | Steam Client | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| News - Steam Client Update Released | MISC | store.steampowered.com | Release Notes, Vendor Advisory |
| Third Steam Windows Client vulnerability, but not 0day | MISC | amonitoring.ru | Exploit, Third Party Advisory |
| HackerOne | MISC | hackerone.com | Exploit, Third Party Advisory |
| HackerOne | MISC | hackerone.com | |
| Третья уязвимость Steam Windows Client, но не 0day / Блог компании Перспективный мониторинг / Хабр | MISC | habr.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.