• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Steam vulnerability can lead to remote insertion of malicious code

stinger608

stinger608

Dedicated TPU Cruncher & Folder
Joined
Nov 11, 2008
Messages
11,115 (1.97/day)
Location
Wyoming
System Specs
System Name Dean Machine/2020 Ryzenfall
Processor Intel 4790K/AMD Ryzen 3700X
Motherboard MSI 1150 Gaming mATX/Gigabyte AORUS ELITE B550
Cooling Cooler Master Hyper 212 LED/SilverStone AH240 AIO
Memory 16 gigs Crucial Ballistix Tactical Tracer/16 gigs G.Skill TridentZ NEO DDR4
Video Card(s) Gigabyte 1660 Super/Gigabyte GTX 1660
Storage Crucial SSD 256 and 2TB spinner/Dual Samsung 980 Pro M2 NVME 4.0
Display(s) Overlord 27" 2560 x 1440
Case Corsair Air 540
Audio Device(s) On board
Power Supply Seasonic modular 850 watt Platinum/EVGA T2-850 Titanium
Software Windows 10 Pro/Windows 10 Pro
ARSTechnica said:
Millions of Steam users are potentially vulnerable to a newly disclosed attack method that exploits a hole in the way Steam commands interact with certain games, Web browsers, e-mail clients, and other software.

Security researchers at ReVuln, based in Malta, published details of the attack [PDF] earlier this week. The vulnerability resides in the Steam Browser protocol, which is commonly used by websites such as the Steam Web Store to install, uninstall or launch Steam games and perform other common tasks, using URLs starting with "Steam://". By getting a user to click a link to a specially formed Steam URL, an attacker can remotely exploit buffer overflow bugs and other vulnerabilities in various Steam games and in Steam itself to create and run malicious code on a target's machine, as shown in a posted proof of concept video.
Click to expand...

Here is the entire article over at ARSTechnica:

http://arstechnica.com/security/201...n-lead-to-remote-insertion-of-malicious-code/

Needless to say, people should take precautions to prevent such an attack.
 
You must log in or register to reply here.
Top