cve/CVE-2019-15316.md at e67cd2fdb0a3b693c8a19c46acadbde4fe3ee9dd

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-16 20:27:21 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.

POC

Reference

https://www.youtube.com/watch?v=I93aH86BUaE
https://www.youtube.com/watch?v=ZCHrjP0cMew

Github

No PoCs found on GitHub currently.

742 B Raw Blame History

CVE-2019-15316

Description

POC

Reference

Github

742 B

Raw Blame History