cbcvebase.
CVE-2016-5237
published 2017-01-23

CVE-2016-5237: Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain…

PriorityP424medium4.8CVSS 3.0
AVLACLPRLUIRSUCLILAL
EXPLOIT
EPSS
0.78%
51.4th percentile
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.

Affected

1 ranges
VendorProductVersion rangeFixed in
valvesoftwaresteamos<= 3.42.16.13

CVSS provenance

nvdv3.04.8MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
nvdv2.01.9LOWAV:L/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.