You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!



  • *****
  • 122
  • +26/-0
  • Network Administrator and Malware Researcher
      • View Profile
New 'steam://' Vulnreability Discovered in Valve's Steam
« on: November 19, 2015, 05:22:09 pm »
For all the gamers out there, beware! There is a new vulnerability that has been recently published. According to Symantec researchers, the vulnerability is of the corss site scripting type and allow attackers to exploit it in order to infect unsuspecting users. The vulnerability may be used if an attacker decides to run a malicious script that is programmed to run in the browser of a user that is not suspecting. The script may load a malicious website which may give attackers the power to steal information such as the user's steam password and username as well as install other intrusive programs like worms, infostealers, downloaders and others.

There is no known information for the vulnerability to be patched so far and this is why we recommend users to not add unfamiliar Steam Accounts to their friends list, especially accounts that are 0 level and they are suspicious. It is also advisable not to click on any links from unfamiliar people since they may be malicious. Also it is recommended to report such users and set the profile settings in steam so that they are blocked.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.