

Since the proof-of-concept code has already been published, it is likely that we'll see the vulnerability exploited in the wild soon. After Kravets convinced HackerOne that the vulnerability was both valid and serious, his report was sent to Valve and rejected again a few weeks later.

His report was initially rejected by HackerOne as out of scope because the attack required “the ability to drop files in arbitrary locations on the user's filesystem,” according to The Register. The vulnerability has not yet been fixed because Kravets initially reported it using the HackerOne bug bounty system.
