CVE-2019-17180
HIGHValve Steam Client < 2019-09-12 - Path Traversal and Arbitrary File Write
Title source: llmDescription
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://amonitoring.ru/article/steam_vuln_3/
Exploit, Third Party Advisory x_refsource_misc
https://habr.com/ru/company/pm/blog/469507/
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/682774
Release Notes, Vendor Advisory x_refsource_misc
https://store.steampowered.com/news/54236/
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/583184
Scores
CVSS v3
7.8
EPSS
0.0072
EPSS Percentile
49.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
valvesoftware/steam_client
< 2019-09-12
Published
Oct 04, 2019
Tracked Since
Feb 18, 2026