CVE-2019-17180

描述

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

如何修補 CVE-2019-17180

要修補 CVE-2019-17180,請將受影響套件升級到下列已修補版本。

• PyPI/steam—升級至 2019-09-12 或更新版本

CVE-2019-17180 正在被利用嗎?

低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 2019-09-12

參考連結(5)

• ADVISORYhabr.com/ru/company/pm/blog/469507/
• WEBamonitoring.ru/article/steam_vuln_3/
• WEBhackerone.com/reports/583184
• WEBhackerone.com/reports/682774
• WEBstore.steampowered.com/news/54236/