Reply to post: Re: A privilege escalation seems to me to be pretty critical

Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty

diodesign (Written by Reg staff) Silver badge

Re: A privilege escalation seems to me to be pretty critical

Sadly I think you've misunderstood. To exploit priv esc bugs, you need to already have access to the machine - the ability to write to the filesystem, in one case. At that point, you can do bad stuff anyway, like execute arbitrary code as the user.

To be clear, this is priv esc because you can either go from arbitrary file write to code exec, or user-level code exec to admin code exec if Steam is running as admin. If you already have admin code exec access to the box, this vulnerability is irrelevant.

What we're saying is, it's not as dangerous as an RCE like the RDP bugs. It's not great, it's not terrible.

C.
