This has the potential to be bad; very bad. Not long ago a webkit was found as part of the Ubisoft DRM and now an exploit has been found with Steam that could see an attacker potentially take over your computer.
Researchers from ReVuln point out that when Steam is installed on a computer, it is registered as a steam:// URL protocol handler which allows the client to automatically handle steam:// URLs that a user clicks in a browser.
First of all, who are ReVuln?
ReVuln Ltd. is a dynamic company aiming to provide state-of-the-art security research and security solutions to world-wide customers. ReVuln Ltd. is specialized in software and hardware assessment including vulnerability research for offensive and defensive security.
In one example, researchers were able to use a phony steam:// URL to initiate a reinstall command which loads a splash image supplied by the attacker. Steam is unable to handle this properly and thus an integer overflow error arises. This gives the attacker the opportunity to load malicious code directly into remote memory.
See the proof of concept video below and also read the very comprehensive document they made describing the insecurity.
Fortunately there are a few common-sense ways to protect yourself from an attack. Researchers point out that Internet Explorer 9, Chrome and Opera all display a warning in addition to either the full steam:// URL or part of it before sending the commands to the game client. Firefox also requires permission although it doesn’t show the URL nor does it give a warning. Apple’s Safari automatically executes the URL without any confirmation or warning.
It is advised that Steam users be very careful and only click on steam:// URLs that come from a trusted source. Stay posted for more details.
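Because some browsers hand a steam:// URL to the client without showing it, it helps to list every such URL in a page or HTML e-mail before anyone clicks. The following is an added example, not code from this article or from ReVuln; the `EXPECTED_COMMANDS` policy, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Example policy (an assumption, not from the article): steam:// commands a
# site is expected to link to. Everything else is flagged for manual review.
EXPECTED_COMMANDS = {"run", "store"}
URL_ATTRS = {"href", "src", "action", "data"}
STRIP_CTRL = {9: None, 10: None, 13: None}  # tab, LF, CR

def describe(tag, attr, url):
    """Split steam://command/args and judge the command against the policy."""
    try:
        command = urlsplit(url).netloc.lower() or "(none)"
    except ValueError:
        command = "(unparseable)"
    return {"tag": tag, "attr": attr, "url": url, "command": command,
            "expected": command in EXPECTED_COMMANDS}

class SteamLinkFinder(HTMLParser):
    """Collects every steam: URL found in a URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if attr not in URL_ATTRS or not value:
                continue
            # The parser has already decoded character references; also drop
            # surrounding whitespace and embedded tab/CR/LF before matching.
            url = value.strip().translate(STRIP_CTRL)
            if url.lower().startswith("steam:"):
                self.findings.append(describe(tag, attr, url))

def scan(html):
    """Return one finding per steam: URL, in document order."""
    finder = SteamLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample input; the URLs are illustrative only.
SAMPLE_HTML = """
<a href="steam://store/440">Store page</a>
<a href="https://example.com/">Normal link</a>
<a href=" STEAM://Example-Command/placeholder?arg=1">Free skins</a>
<iframe src="steam&#58;//run/440"></iframe>
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_HTML):
        flag = "ok    " if f["expected"] else "REVIEW"
        print(f'{flag} <{f["tag"]} {f["attr"]}> {f["url"]}')
```

Anything marked REVIEW shows the full URL, so it can be judged the way the warning dialogs in Internet Explorer 9, Chrome and Opera would let a user judge it.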