CVE-2016-5237

EUVD-2016-6188
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
valvesoftwaresteamos
𝑥
≤ 3.42.16.13
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
steam
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
https://packetstormsecurity.com/files/137343/Valve-Steam-3.42.16.13-Local-Privilege-Escalation.html
https://www.exploit-db.com/exploits/39888/
https://packetstormsecurity.com/files/137343/Valve-Steam-3.42.16.13-Local-Privilege-Escalation.html
https://www.exploit-db.com/exploits/39888/