CVE-2019-15316

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.

Published : 2019-08-21 20:15 Updated : 2019-08-30 12:57

6.9
CVSS Score More info
Score 6.9 / 10
6.9
Vendor Product Version URI
Valvesoftware Steam Client 2019-08-20 cpe:/a:valvesoftware:steam_client:2019-08-20
  1. Valvesoftware (1) Search CVE
    1. Steam Client (1) Search CVE
      1. 2019-08-20

CWE

ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE

History of changes

Date Event
2019-08-30 12:57
2019-08-21 20:19

New CVE