The vulnerability lies within Steam Client Service. The service may be started or stopped by unprivileged users. This becomes a problem because, when run, Steam Client Service automatically sets permissions on a range of registry keys. If a mischievous—or outright malicious—user were to symlink one of these keys to that belonging to another service, it becomes possible for arbitrary users to start or stop that service as well. This becomes even more problematic when you realize that it's possible to pass arguments to services that run under extremely privileged accounts—such as msiserver, the Windows Installer service.

Following several rejections from HackerOne, Kravets decided to publicly disclose the flaw. Full details at Ars Technica.
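The condition at the center of this flaw, a service that unprivileged users may start or stop, is visible in the service's security descriptor. As an added example (not from the original article), this Python audit parses SDDL strings such as those printed by `sc sdshow <service>` and reports allow entries that give broad groups start, stop or reconfigure rights; the sample descriptors are constructed, not taken from Steam.

```python
import re

# SDDL right codes -> access-mask bits as they apply to Windows service objects.
CODE_BITS = {"CC": 0x001, "DC": 0x002, "LC": 0x004, "SW": 0x008, "RP": 0x010,
             "WP": 0x020, "DT": 0x040, "LO": 0x080, "CR": 0x100,
             "GA": 0x1FF,   # GENERIC_ALL covers every service-specific right
             "GX": 0x170}   # GENERIC_EXECUTE: start, stop, pause, user control
RISKY = {0x010: "SERVICE_START", 0x020: "SERVICE_STOP",
         0x002: "SERVICE_CHANGE_CONFIG"}
# SID aliases for broadly populated, unprivileged groups.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users",
         "BU": "Built-in Users", "IU": "Interactive Users"}

def rights_mask(field):
    """Convert an ACE rights field (hex mask or two-letter codes) to bits."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= CODE_BITS.get(field[i:i + 2], 0)  # standard rights map to 0
    return mask

def broad_service_grants(sddl):
    """Return (group, right) pairs that allow-ACEs in the DACL give to broad groups."""
    # Only the DACL (D:) decides access; the SACL (S:) holds audit entries.
    m = re.search(r"D:(.*?)(?=S:|$)", sddl.strip())
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", m.group(1) if m else ""):
        parts = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(parts) < 6 or parts[0] != "A" or parts[5] not in BROAD:
            continue
        mask = rights_mask(parts[2])
        findings += [(BROAD[parts[5]], name)
                     for bit, name in RISKY.items() if mask & bit]
    return findings

# Constructed samples: a typical locked-down descriptor and two permissive ones.
LOCKED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
OPEN = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCLCSWRPWPLOCRRC;;;BU)")
OPEN_HEX = "D:(A;;0x30;;;AU)"

if __name__ == "__main__":
    for label, sddl in (("locked", LOCKED), ("open", OPEN), ("hex", OPEN_HEX)):
        print(label, broad_service_grants(sddl))
```

A service that shows up here and runs as a privileged account deserves a closer look at what it does on start, including which registry keys or files it re-permissions.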
Steam vulnerability can give malware full access to your system
Posted on Thursday, August 08 2019 @ 12:21 CEST by Thomas De Maesschalck