A new security company has found a vulnerability in Steam’s browser that could allow hackers to upload malicious code to a PC.
According to the findings from security research firm, ReVuln, Steam’s in-game browser can be tricked in to redirecting to malicious websites which then upload malware that can give a hacker remote access to Steam’s command protocols.
Firstly, Steam’s install feature can be used to trick the system in to installing code on to a PC. It usually installs backups from a local directory but the path can be reconfigured to utilise a networked folder on a remote host.
When run in conjunction with various games, such as the Team Fortress and APB: Reloaded, this technique can allow a hacker to implement a number of exploits including directory traversal and integer overflows.
ReVuln have uploaded a video of the proof of concept.
Want to receive up-to-the-minute tech news straight to your inbox? Then click here to sign up for the completely free PCR Daily Digest and Newsflash email services. You can also follow PCR on Twitter and Facebook.