Author

Team Trojan Hunt

Date

July 01, 2018

Tom Court, a security researcher from Context Information Security, discovered a flaw that would allow an attacker to execute malicious code on all of Steam's 15 million gaming clients. The flaw worked even without prior access to the client's PC: the attacker only had to send malicious UDP packets over the network, with no need to access the victim's computer, to trigger the bug and run malicious code.

The main cause of this error is a buffer overflow in one of Steam's internal libraries, in code that handles fragmented datagram reassembly for Steam's User Datagram Protocol (UDP) traffic. The Context researcher said that exploitation of this particular flaw would have been more straightforward prior to July 2017, at which time Valve added the ASLR protection to the data streams.

This gave the attacker an opportunity to access exposed memory and even the location of the Steam accounts. Steam and Valve were informed earlier this year, and within a mere 12 hours of the report a beta version of the Steam Client was launched and a final fix was scheduled.
