CVE-2019-14743

In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.

Published : 2019-08-07 15:15 Updated : 2019-08-28 21:15

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Valvesoftware Steam Client 2019-08-07 cpe:/a:valvesoftware:steam_client:2019-08-07
  1. Valvesoftware (1) Search CVE
    1. Steam Client (1) Search CVE
      1. 2019-08-07

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-08-28 21:15
2019-08-19 13:08
2019-08-07 15:15

New CVE