Arbitrary File Modification Vulnerability in Valve Steam Client

Arbitrary File Modification Vulnerability in Valve Steam Client

CVE-2019-17180 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

Learn more about our Web Application Penetration Testing UK.