CVE-2019-17180

HIGH

Valve Steam Client < 2019-09-12 - Path Traversal and Arbitrary File Write

Title source: llm

Description

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

References (5)

Core References
Exploit, Third Party Advisory (x_refsource_misc): https://amonitoring.ru/article/steam_vuln_3/
Exploit, Third Party Advisory (x_refsource_misc): https://habr.com/ru/company/pm/blog/469507/
Exploit, Third Party Advisory (x_refsource_misc): https://hackerone.com/reports/682774
Release Notes, Vendor Advisory (x_refsource_misc): https://store.steampowered.com/news/54236/
Third Party Advisory (x_refsource_misc): https://hackerone.com/reports/583184

Scores

CVSS v3 7.8
EPSS 0.0072
EPSS Percentile 49.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-22
Status published
Products (1)
valvesoftware/steam_client < 2019-09-12
Published Oct 04, 2019
Tracked Since Feb 18, 2026