Valve Corporation Steam CVE-2020-15530 Race Condition Vulnerability

description-logoDescription

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\\Steam and/or %COMMONPROGRAMFILES(X86)%\\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.

affected-products-logoAffected Applications

Steam

CVE References

CVE-2020-15530