Valvesoftware: >> Steam Client >> 2019-09-10 Security Vulnerabilities
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVSS Score
8.0
EPSS Score
0.11
Published
2021-04-10
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-10-04