General Graboids: Worms and Remote Code Execution in Command & Conquer

www.atredis.com

cross-posted to:
hackernews@lemmy.bestiver.se

General Graboids: Worms and Remote Code Execution in Command & Conquer

www.atredis.com

Resident PulserB to

Pulse of TruthEnglish · 25 days ago

cross-posted to:
hackernews@lemmy.bestiver.se

General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners

www.atredis.com

[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contains techni

This stack overflow was not the only exploitable issue we encountered. That same network command handler, NetPacket::readFileMessage, did not properly constrain files that were sent from a peer. Files of arbitrary extensions were accepted, as well as file paths outside of the original game directory. Simply sending a properly named .dll file was sufficient to ensure remote code execution the next time the game was started.

You must log in or # to comment.

Chat

Pulse of Truth

pulse_of_truth

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !pulse_of_truth@infosec.pub

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

104 users / day
623 users / week
1.07K users / month
2.9K users / 6 months
188 local subscribers
2.32K subscribers
4.81K Posts
3.43K Comments
Modlog

mods:
krogoth