Critical Vulnerabilities found in Call of Duty:MW3, CryEngine 3

By Asrokhel
in Gamers' Hangout

 Share

Recommended Posts

Mentor

Asrokhel

Posted
Posted

Call of Duty: Modern Warfare 3 and CryEngine 3 graphics platform suffer from critical vulnerabilities, two security researchers have revealed.

ReVuln security consultants Luigi Auriemma and Donato Ferrante presented results of their research at the Power of Community (POC2012) security conference in Seoul and said that not only hackers but also other online gaming companies can benefit by exploiting these vulnerabilities. The security researchers have revealed that online gaming companies can try and steal a competitor's players or shut down a competitor?s game completely. Ferrante said "We have a lot of companies that ask for these kinds of denial-of-service attacks to attack competitors. This is really a big concern for companies."

Auriemma showcased a video during the conference which contained an exploit targeting a denial-of-service vulnerability in Activision?s COD:MW3. In the video, the server administrator received a warning when the server running the game was remotely crashed. The duo is planning to release advisories next Tuesday and have showed willingness to work with Activision to patch the vulnerability but, have revealed that they will not be doing so by volunteering the information as vulnerability research is part of their business.

Auriemma?s also showcased another exploit that targeted vulnerability in CryEngine 3. The researcher showcased how he was able to gain access to a game-player?s system by creating a remote shell through to the player's computer. "Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server," said Ferrante.

http://paritynews.com/security/item/472-critical-vulnerabilities-found-in-call-of-dutymw3-cryengine-3

Grand Master

Yusuf M. Veteran

Posted
  • Veteran
Posted

That's interesting. I've never read about a game engine having a vulnerability like that. If it had one, it allowed users to create hacks or mess with the game. I wonder what Crytek and Infinity Ward are going to do about this.

Grand Master

Phouchg

Posted
Posted

Game hacks have been there since the dawn of time. Online portion shouldn't be any different. Aimbots, point hacks, kick scripts. While most trainers are just memory patching, isn't that simple with things that have to work online. In most cases somebody traces game code see what it sends and receives and where it puts that stuff. Integrate network code into engine and there you have it - engine vulnerability.

Offline portions of game code are getting pwnt all the time by warez people. No piece of code (except for NASA shuttle launch) is secure. Game companies have more or less got away with it because it's a game - games (except MMOs) didn't have much useful personal information up until recently.

Welcome to the future, yes.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Linux 7.2's first release candidate gets off to a good start

      By zikalify · Posted

      Linux 7.2's first release candidate gets off to a good start by Paul Hill Credit: Larry Ewing It has been a few weeks since the release of Linux 7.1, and in that time, the Linux 7.2 merge window has been open, where developers can submit their features and patches ready for the upcoming release. That window is now shut, and the release candidate phase has begun so that new features can be tested and further fixes applied. According to the founder of Linux, Linus Torvalds, this week’s release candidate looks “reasonably normal”. Although we are super early in the release candidates, this is a good sign as it makes it more likely that an eighth release candidate will not be needed. Torvalds even mentioned that the update’s stats are only larger than they really are because there was another AMD header drop with a third of the patch just being AMD GPU register definitions, which aren’t big changes but make the code contributed look larger overall. In addition to this, he noted that just over half the patch is drivers, even when excluding the AMD register dump. The rest of the changes are spread out over architecture updates, tooling, documentation, and core kernel updates. In the next week, Torvalds says that he will be chilling out, taking the week “mostly off”. Despite this, he will be reading emails and keeping up with things, so if he is slow responding, now you know why. He said he is hoping for a calm week, but we will just have to see if the second release candidate is actually like that. We should expect seven or eight release candidates before Linux 7.2 is released, so expect it around the end of August. If you missed it a few weeks ago, be sure to check out our coverage of Linux 7.1's release.
    • Why it's almost impossible to produce a smartphone in the United States

      By Asgardi · Posted

      Ridiculous claim that the labor cost difference of $6000 annually would increase cost per phone by $200. The employees produce 3 phones per month or what?
    • Sparkle 2.20.1

      By Copernic · Posted

      Sparkle 2.20.1 by Razvan Serea Sparkle is a free, open-source Windows optimization tool designed to make your PC faster, cleaner, and more private. With Sparkle, you can easily debloat Windows by removing unnecessary apps and services, disable Microsoft tracking to enhance privacy, and apply performance tweaks to boost speed. Its cleaner removes junk and temporary files, while every change is safe and fully reversible. Sparkle also features a modern, user-friendly interface with automatic updates, making system maintenance simple. Explore over 39 tweaks, from disabling telemetry and hibernation to optimizing network and game settings, all aimed at customizing and enhancing your Windows experience. Sparkle supports Windows 10 and 11. Sparkle 2.20.1 changelog: You can now change the Animation Direction from Up, Left, or Off. Added configurable animation direction (Up, Left, Off) for improved accessibility Added TTL caching to the system info backend Refactored tweak application flow to await NvidiaProfileInspector Improved IPC listener cleanup to correctly remove specific listeners Fixed online status not updating after successful network requests Updated system info tests to support backend caching Removed electron-toolkit utils dependency in favor of internal is.dev helper Fixed unwanted files and folders being included in application bundles Download: Sparkle 2.20.1 | Portable | ~100.0 MB (Open Source) Links: Sparkle Website | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The best controller for XBOX and PC is down to the lowest price

      By Figure 8 Dash · Posted

      Never used the G7 Pro, but I've never had a good experience with that style of d-pad and fighting games.
    • Sihoo Doro C300 Pro V2 Ergonomic Office Chair review: The Ikea of chairs

      By Figure 8 Dash · Posted

      And I just bought a seat cushion for my mesh chair. The chair feels nice but the first time I sat in it with boxers, I realized I don't like the feel of mesh on my legs. 😂

  • Recent Achievements

    • One Month Later
      JKR earned a badge
      One Month Later
    • Dedicated
      Asgardi earned a badge
      Dedicated
    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well
    • One Month Later
      Excellence2025 earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      496
    2. 2
      +Edouard
      247
    3. 3
      PsYcHoKiLLa
      154
    4. 4
      Steven P.
      86
    5. 5
      macoman
      65
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!