Home / Early Warning / Cybersecurity Highlights / Vulnerability found in the Steam gaming platform

Vulnerability found in the Steam gaming platform

03/15/2019

The video game platform Steam, belonging to Valve, allows players to search for game servers through a specific UDP protocol for which a buffer overflow vulnerability has been found. This vulnerability would allow remote code execution in the Steam client, taking control of computers accessing malicious gaming servers.

For this failure a proof of concept has been developed for Windows 8.1 and Windows 10 and it is estimated that it could also be done in GNU / Linux. It could not be detected in OS X, since it closes the process when detecting the buffer overflow. Valve has solved this vulnerability with an automatic update of the Steam client.