DRM Security

Steam Protocol Opens PCs to Remote Code Execution

Via the H comes news of a possible remote attack vector using the protocol handler installed by Valve's Steam platform: "During installation, it registers the steam:// URL protocol which is capable of connecting to game servers and launching games ... In the simplest case, an attacker can use this to interfere with the parameters that are submitted to the program. For example, the Source engine's command line allows users to select a specific log file and add items to it. The ReVuln researchers say that they successfully used this attack vector to infect a system (PDF) via a batch file that they had created in the autostart folder. ... In the even more popular Unreal engine, the researchers also found a way to inject and execute arbitrary code. Potential attackers would, of course, first have to establish which games are installed on the target computer."
  • by MachDelta ( 704883 ) on Wednesday October 17, 2012 @12:05PM (#41682343)

    A (user side) solution from TFA:

    The issue can be limited by disabling the steam:// URL handler

    Sounds alright to me. I can't recall ever clicking a steam:// link anyways.

  • by sourcerror ( 1718066 ) on Wednesday October 17, 2012 @12:10PM (#41682445)

    If you want to place shortcuts to your desktop you will need it though.

  • by Baloroth ( 2370816 ) on Wednesday October 17, 2012 @12:36PM (#41682817)

    I do not get how exactly this is an exploit. You need to create a batch file on the intended system start-up folder first. If you can do that, why not just have the batch file execute a command to download a malicious file and execute it?

    Because you have the wrong order. The exploit can be used to create the batch file, which is then auto-executed when Windows next starts (autoexec.bat).

  • by Baloroth ( 2370816 ) on Wednesday October 17, 2012 @12:40PM (#41682877)

    The sentence is poorly phrased: what they mean is that they create the .bat file using some command line parameters (one of which dumps console output to the file of your choice, which could be "c:/autoexec.bat"). That then gets executed automatically on login, and boom, exploited.

    The solution is pretty easy: make browsers that open external programs for a link show what they are doing and exactly what the command is, and/or have Steam show the same when it loads the protocol command. Steam could also refuse to pass command line parameters, but that limits the usefulness of the protocol in the first place (might be necessary, unfortunately).

  • by The MAZZTer ( 911996 ) <(megazzt) (at) (gmail.com)> on Wednesday October 17, 2012 @12:47PM (#41682971) Homepage
    If you have used Steam you have clicked on a steam:// link at some point. The built-in web browser uses links all over the place. The install button for installing your now-purchased games uses it. Every link that opens in a new browser window uses it.
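
One way to implement the mitigation raised in the thread (show exactly what a steam:// link will do, and refuse links that carry command-line parameters) is a check placed in front of the handler. This is an added example, not code from Steam, ReVuln or any commenter; the URL layout `steam://<command>/<id>/<extra>`, the allowlist, the function name `review_steam_url` and the sample links are assumptions made for illustration.

```python
from urllib.parse import unquote

# Assumed URL shape: steam://<command>/<numeric id>/<optional extra segments>.
# The allowlist is illustrative, not Valve's list of protocol commands.
ALLOWED_COMMANDS = {"run", "rungameid", "install"}


def review_steam_url(url):
    """Return (allowed, display, reason) for a link handed to the handler.

    display is the fully percent-decoded command, escaped so control and
    non-ASCII characters are visible in a confirmation prompt.
    """
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "steam":
        return (False, url, "not a steam:// URL")

    # Decode until stable so double-encoded parameters cannot hide.
    decoded = rest
    for _ in range(5):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    display = "steam://" + decoded.encode("unicode_escape").decode("ascii")

    segments = decoded.split("/")
    command = segments[0].lower()
    app_id = segments[1] if len(segments) > 1 else ""
    extras = [s for s in segments[2:] if s]

    if command not in ALLOWED_COMMANDS:
        return (False, display, "command not on the allowlist")
    if not (app_id.isascii() and app_id.isdigit()):
        return (False, display, "id is not a plain number")
    if extras:
        return (False, display, "carries extra parameters")
    return (True, display, "ok")


if __name__ == "__main__":
    # Constructed sample links, not taken from the advisory.
    for link in ("steam://run/440", "steam://run/440//%2Dexample%20value",
                 "steam://run/440//%252Dexample"):
        print(review_steam_url(link))
```

The trade-off noted in the thread applies: refusing every extra segment also blocks legitimate links that pass launch options.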
