wraggster
October 17th, 2012, 22:00
A new security company has found a vulnerability in Steam’s browser that could allow hackers to upload malicious code to a PC.
According to the findings from security research firm, ReVuln, Steam’s in-game browser can be tricked in to redirecting to malicious websites which then upload malware that can give a hacker remote access to Steam’s command protocols.
Firstly, Steam’s install feature can be used to trick the system in to installing code on to a PC. It usually installs backups from a local directory but the path can be reconfigured to utilise a networked folder on a remote host.
When run in conjunction with various games, such as the Team Fortress and APB: Reloaded, this technique can allow a hacker to implement a number of exploits including directory traversal and integer overflows.
http://www.pcr-online.biz/news/read/new-security-flaw-found-in-steam/029399
According to the findings from security research firm, ReVuln, Steam’s in-game browser can be tricked in to redirecting to malicious websites which then upload malware that can give a hacker remote access to Steam’s command protocols.
Firstly, Steam’s install feature can be used to trick the system in to installing code on to a PC. It usually installs backups from a local directory but the path can be reconfigured to utilise a networked folder on a remote host.
When run in conjunction with various games, such as the Team Fortress and APB: Reloaded, this technique can allow a hacker to implement a number of exploits including directory traversal and integer overflows.
http://www.pcr-online.biz/news/read/new-security-flaw-found-in-steam/029399