CVE-2015-7985
published 2015-11-24CVE-2015-7985: Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse…
PriorityP433high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.99%
58.2th percentile
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | steam | — | — |
| valvesoftware | steam_client | — | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_debian7.2LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3hr2-v4fr-qrw8: Valve Steam 2
ghsa_unreviewed·2022-05-13
CVE-2015-7985 [HIGH] CWE-276 GHSA-3hr2-v4fr-qrw8: Valve Steam 2
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
Debian
CVE-2015-7985: steam - Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Ins...
vendor_debian·2015·CVSS 7.2
CVE-2015-7985 [HIGH] CVE-2015-7985: steam - Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Ins...
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
Scope: local
bullseye: resolved
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.htmlhttp://www.securityfocus.com/archive/1/536961/100/0/threadedhttp://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.htmlhttp://www.securityfocus.com/archive/1/536961/100/0/threaded
2015-11-24
Published