CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15530

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.1%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

http://daniels-it-blog.blogspot.com/2020/07/steam-arbitrary-code-execution-part-2.html
http://daniels-it-blog.blogspot.com/2020/07/steam-arbitrary-code-execution-part-2.html

Products affected by CVE-2020-15530

Valvesoftware » Steam Client » Version: 2.10.91.91

cpe:2.3:a:valvesoftware:steam_client:2.10.91.91

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15530

Products

Pricing

Contact Us