CVE-2016-5237
Published: 23 January 2017
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
Notes
Author | Note |
---|---|
tyhicks | the steam client in multiverse auto-updates itself judging by the CVE description, this may be specific to Windows |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | Required |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |