CVE-2015-7985

Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
valvesoftwaresteam_client
2.10.91.91
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
steam
bullseye/non-free
1.0.0.68-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
steam
wily
not-affected
vivid
not-affected
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/536961/100/0/threaded
http://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/536961/100/0/threaded