Steam protocol vulnerability allows remote code execution

Source: Internet
Author: User

Millions of Steam users may be potential victims. Security researchers have found that the Steam browser Protocol has the vulnerability that allows remote code execution (PDF. After a user installs Steam on a computer, it registers the steam: // URL protocol to allow players to connect to the game server and start the game. However, when a user clicks a special form of Steam URL, attackers can remotely exploit the buffer overflow vulnerability of Steam games and programs to run malicious code on the target computer.

For example, in a game based on the Source engine, an attacker uses a URL-encoded runtime command to prompt the game to create a log file containing arbitrary content. With this vulnerability, attackers can create batch files in the startup folder. For games based on the Unreal Engine, researchers found a way to inject and execute arbitrary code. To launch such an attack, you must first know what type of game players have installed on their computers.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.