Steam exploit left millions of users vulnerable for 10 years

A security researcher found a vulnerability in the Steam platform. This serious vulnerability allows hackers to take over control of a Steam user's computer. The flaw has been there for 10 years.


Tom Court, a security researcher at Contextis, wrote about this security bug. The bug had existed in the Steam client for at least the last ten years and, until last July, would have resulted in remote code execution (RCE) in all 15 million active clients.

In July 2017, Valve (finally) compiled their code with modern exploit protections enabled. After this, the bug simply caused a client crash, with RCE only possible in combination with a separate info-leak vulnerability.


The vulnerability found by Tom Court was reported to Valve on the 20th February 2018 and, to their credit, was fixed in the beta branch less than 12 hours later. The fix was pushed to the stable branch on the 22nd March 2018. Details may be found in the blog post; Motherboard also has a story.
