Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.
https://habr.com/ru/company/pm/blog/464367/
https://amonitoring.ru/article/onemore_steam_eop_0day/
Source: Mitre, NVD
Published: 2019-08-21
Updated: 2020-08-24
Base Score: 6.9
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Severity: Medium
Base Score: 7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High