CVE-2016-5237

MEDIUM

Valvesoftware Steamos < 3.42.16.13 - Access Control

Title source: rule

Description

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.

Exploits (1)

exploitdb WRITEUP

by Gregory Smiley · textlocalwindows

https://www.exploit-db.com/exploits/39888

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/137343/Valve-Steam-3.42.16.13-Local-Privilege-Escalation.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39888/

Scores

CVSS v3 4.8

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-264

Status published

Affected Products (2)

valvesoftware/steamos < 3.42.16.13

n/a/n/a

Timeline

Published Jan 23, 2017

Tracked Since Feb 18, 2026