Court says an attacker was only required to send malformed UDP packets to a target’s Steam client, which would have triggered the bug and allowed him to run malicious code on the target’s PC.

Source: Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years