Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
October 17, 2012 05:05 pm

Steam Protocol Opens PCs to Remote Code Execution


Via the H comes news of a possible remote attack vector using the protocol handler installed by Valve's Steam platform: "During installation, it registers the steam:// URL protocol which is capable of connecting to game servers and launching games ... In the simplest case, an attacker can use this to interfere with the parameters that are submitted to the program. For example, the Source engine's command line allows users to select a specific log file and add items to it. The ReVuln researchers say that they successfully used this attack vector to infect a system (PDF) via a batch file that they had created in the autostart folder. ... In the even more popular Unreal engine, the researchers also found a way to inject and execute arbitrary code. Potential attackers would, of course, first have to establish which games are installed on the target computer. "

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LyT2WZDuqDs/steam-protocol-opens-pcs-to-remote-code-execution

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot