CVE-2016-5237 Information

Description

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Reference

https://packetstormsecurity.com/files/137343/Valve-Steam-3.42.16.13-Local-Privilege-Escalation.html https://www.exploit-db.com/exploits/39888/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

4.8