Vulnerability Details CVE-2019-15316
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.8%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
- https://amonitoring.ru/article/onemore_steam_eop_0day/
- https://habr.com/ru/company/pm/blog/464367/
- https://www.youtube.com/watch?v=I93aH86BUaE
- https://www.youtube.com/watch?v=ZCHrjP0cMew
- https://amonitoring.ru/article/onemore_steam_eop_0day/
- https://habr.com/ru/company/pm/blog/464367/
- https://www.youtube.com/watch?v=I93aH86BUaE
- https://www.youtube.com/watch?v=ZCHrjP0cMew
Products affected by CVE-2019-15316
-
cpe:2.3:a:valvesoftware:steam_client:-
-
cpe:2.3:a:valvesoftware:steam_client:2.10.91.91
-
cpe:2.3:a:valvesoftware:steam_client:2018-03-22
-
cpe:2.3:a:valvesoftware:steam_client:2018-03-26
-
cpe:2.3:a:valvesoftware:steam_client:2018-04-02
-
cpe:2.3:a:valvesoftware:steam_client:2018-04-04
-
cpe:2.3:a:valvesoftware:steam_client:2018-05-16
-
cpe:2.3:a:valvesoftware:steam_client:2018-05-18
-
cpe:2.3:a:valvesoftware:steam_client:2018-06-01
-
cpe:2.3:a:valvesoftware:steam_client:2018-07-24
-
cpe:2.3:a:valvesoftware:steam_client:2018-08-01
-
cpe:2.3:a:valvesoftware:steam_client:2018-08-08
-
cpe:2.3:a:valvesoftware:steam_client:2018-08-27
-
cpe:2.3:a:valvesoftware:steam_client:2018-08-29
-
cpe:2.3:a:valvesoftware:steam_client:2018-09-08
-
cpe:2.3:a:valvesoftware:steam_client:2018-10-10
-
cpe:2.3:a:valvesoftware:steam_client:2018-10-12
-
cpe:2.3:a:valvesoftware:steam_client:2018-11-08
-
cpe:2.3:a:valvesoftware:steam_client:2018-11-09
-
cpe:2.3:a:valvesoftware:steam_client:2018-11-26
-
cpe:2.3:a:valvesoftware:steam_client:2019-01-04
-
cpe:2.3:a:valvesoftware:steam_client:2019-02-01
-
cpe:2.3:a:valvesoftware:steam_client:2019-02-18
-
cpe:2.3:a:valvesoftware:steam_client:2019-03-05
-
cpe:2.3:a:valvesoftware:steam_client:2019-04-16
-
cpe:2.3:a:valvesoftware:steam_client:2019-04-29
-
cpe:2.3:a:valvesoftware:steam_client:2019-06-13
-
cpe:2.3:a:valvesoftware:steam_client:2019-06-14
-
cpe:2.3:a:valvesoftware:steam_client:2019-06-17
-
cpe:2.3:a:valvesoftware:steam_client:2019-07-16
-
cpe:2.3:a:valvesoftware:steam_client:2019-08-05
-
cpe:2.3:a:valvesoftware:steam_client:2019-08-07
-
cpe:2.3:a:valvesoftware:steam_client:2019-08-12
-
cpe:2.3:a:valvesoftware:steam_client:2019-08-16
-
cpe:2.3:a:valvesoftware:steam_client:2019-08-20
-
cpe:2.3:o:microsoft:windows:-