Vulnerability Description
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Valvesoftware | Steam Client | < 2019-09-12 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://amonitoring.ru/article/steam_vuln_3/ExploitThird Party Advisory
- https://habr.com/ru/company/pm/blog/469507/ExploitThird Party Advisory
- https://hackerone.com/reports/583184
- https://hackerone.com/reports/682774ExploitThird Party Advisory
- https://store.steampowered.com/news/54236/Release NotesVendor Advisory
- https://amonitoring.ru/article/steam_vuln_3/ExploitThird Party Advisory
- https://habr.com/ru/company/pm/blog/469507/ExploitThird Party Advisory
- https://hackerone.com/reports/583184
- https://hackerone.com/reports/682774ExploitThird Party Advisory
- https://store.steampowered.com/news/54236/Release NotesVendor Advisory
FAQ
What is CVE-2019-17180?
CVE-2019-17180 is a vulnerability with a CVSS score of 7.8 (HIGH). Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This c...
How severe is CVE-2019-17180?
CVE-2019-17180 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17180?
Check the references section above for vendor advisories and patch information. Affected products include: Valvesoftware Steam Client, Microsoft Windows.