Valve Accused of Ignoring Remote Code Execution Vulnerability Affecting All Source Engine Games

The FPS Review may receive a commission if you purchase something after clicking a link in this article.

Image: Valve

Valve has been accused of preventing security researchers from publicly disclosing a remote code execution vulnerability that allegedly affects all games developed using the company’s widely renowned Source game engine (e.g., Half-Life 2, Counter-Strike: Global Offensive). What’s been reported thus far is that the flaw, which was originally reported two years ago but purportedly ignored by Valve, is primarily leveraged by attackers through Steam’s invite system. Secret Club, a not-for-profit reverse-engineering group, has tweeted a series of videos demonstrating that the vulnerability exists.

Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it.

Sources: Secret Club, r/pcgaming

Tsing Mui
News poster at The FPS Review.

Recent News