Report: a serious vulnerability that allowed users' PCs to be remotely controlled through the Steam client was left unaddressed for the past 10 years



The official blog of the cyber security company Context reports that the client for Steam, the download sales platform for PC games, had a vulnerability that allowed remote code execution from outside "for at least 10 years until July 2017". This vulnerability has already been fixed.

Frag Grenade! A Remote Code Execution Vulnerability in the Steam Client | Context Information Security
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client


Context security researcher Tom Court reported to Valve, which runs Steam, on February 20, 2018 that there was a bug in the Steam client. The bug was a flaw in the Steam client's checking of UDP packets that caused heap corruption under certain conditions, and exploiting it made it possible to execute code remotely from outside. "This bug may have been used as the foundation of a malicious program; the bug itself is so simple that it was relatively easy to misuse," he said.

The following video shows Context researchers launching the calculator app by exploiting the Steam vulnerability.

A Remote Code Execution Vulnerability in the Steam Client - YouTube


However, exploiting this vulnerability became almost impossible once Valve implemented the security feature called ASLR in the Steam client in July 2017. In addition, for a cracker to exploit the vulnerability, the malicious packet has to be sent after checking the connection between the Steam client and the server, so targeting individual users is said to be quite difficult in practice.


Although in practice it did not turn out to be a major security problem, Mr. Court said, "Even so, the fact that such serious and simple bugs have existed for many years in popular software platforms is surprising. The code that gave rise to it is probably very old, and developers should check whether they regularly adhere to the latest security standards, even if there is no change in the functionality of the code."

In addition, Valve corrected the bug within 8 hours of the report and completed the fix in the beta client in just 12 hours. Furthermore, the fix was also applied to the stable version of the client in the client update on April 4, 2018. Mr. Court praised Valve's prompt response, saying, "Perhaps the fastest response Context has been involved in in the past".

in Software, Game, Security, Posted by log1i_yk