Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Firm Says Steam URLs Exploitable

Startup vulnerability research and consultancy firm ReVuln says the way Steam handles steam:// protocol URLs leaves users open to having vulnerabilities in Steam and their game exploited, reports Computerworld, who say their request for comment on this was not immediately fulfilled by Valve (thanks Ant). A proof-of-concept trailer shows what they are talking about, and here's a bit:

According to tests performed by the ReVuln researchers, Internet Explorer 9, Google Chrome and Opera display warnings and the full or partial steam:// URLs before passing them to the Steam client for execution. Firefox also requests user confirmation, but doesn't display the URL and provides no warning, while Safari automatically executes steam:// URLs without user confirmation, the researchers said.

"All the browsers that execute external URL handlers directly without warnings and those based on the Mozilla engine (like Firefox and SeaMonkey) are a perfect vector to perform silent Steam Browser Protocol calls," the researchers said. "Additionally for browsers like Internet Explorer and Opera it's still possible to hide the dodgy part of the URL from being shown in the warning message by adding several spaces into the steam:// URL itself."

Aside from tricking users to manually click on rogue steam:// URLs, attackers can use JavaScript code loaded on malicious pages to redirect browsers to such URLs, Luigi Auriemma said Tuesday via email.

Post Comment
Enter the details of the comment you'd like to post in the boxes below and click the button at the bottom of the form.

32. It's not hard. You simply guess. Oct 17, 2012, 19:47 hb3d
In order to make this exploit work, you need to be able to cause something to create the file, in order to be able to execute it.
As I wrote before, if a Source engine game is installed, it can be made to do that with this exploit.

If you don't know what's installed, you have no attack vector.
You simply guess. Sure it won't affect people who don't have a Source game installed, but so many Steam users do, and so many use the default location for Steam that it isn't hard to find a vulnerable target. It was the exact same thing with the Uplay exploit. The specified path to the executable to run in that exploit was simply a guess on the target's directory structure and installed programs. Windows also still has a %path% variable that will execute anything in that path without knowing the full path.

Even their unreal engine exploit requires a upk file to exist already, in order to cause it to crash(integer overflow).
It already exists in the Sanctum game. That is why they chose that game over the dozens of other Unreal engine games on Steam.

But in the latter case, you need to know "what" you're running into to make it do something.
As I wrote before, you simply guess and target the most likely spots. Hackers have been doing that forever, and guess what? It works.

This comment was edited on Oct 17, 2012, 20:06.
Reply Quote Edit Delete Report
      ;)   ;)   :(   :(   :o   :o   %)   %)   :)   :)   :|   :|   ;P   ;P   X|   X|   :D   :D   More
Login Email   Password Remember Me
If you have a signature set up, it will be automatically appended to your comment.
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
          Email me when this topic is updated.

Special Codes

  • b[bold text]b
  • i[italic text]i
  • u[underline text]u
  • -[strikethrough text]-
  • c[code text]c
  • +[bullet point]+
  • q[quote text (indented)]q
  • [quote="Author"]quote text (indented)[/quote]
  • [url=Link]text[/url]
  • r{red text}r
  • g{green text}g
  • b{blue text}b
  • m{maroon text}m
  • s{secret text (shows in the background colour)}s

Forum Rules

  1. Disagree all you want but attacks of a personal nature will not be tolerated.
  2. Ethnic slurs and homophobic language will not be tolerated.
  3. Do not post spam, links to warez sites, or instructions on how to obtain pirated software.
  4. Abusing the forums in any manner that could be construed as 'griefing' will not be tolerated.


Blue's News logo