Post Comment - Blue's News

Modern Warfare 3 and CryENGINE 3 Vulnerable?

[Nov 12, 2012, 10:56 am ET] - Share - Viewing Comments

Researchers have discovered what's called "a serious vulnerability" in Call of Duty: Modern Warfare 3, reports Computerworld from the Power of Community (POC2012) security conference in Seoul in an article that also notes a different vulnerability in Crytek's CryENGINE 3 (these are two separate issues: Modern Warfare 3 uses Infinity Ward's IW Engine, derived from id Software technology). Researchers from security consultant ReVuln demonstrated a denial of service attack that could be used to crash a Modern Warfare 3 server, before using the game Nexuiz to show how running the server for a CryENGINE 3 game can be used to launch a remote shell on a client computer (thanks Ant via Slashdot). It sounds like they are holding out for a payday based on their discoveries:

The first problem the pair presented is a denial-of-service vulnerability in Call of Duty: Modern Warfare 3, made by Activision. Auriemma showed in a video how the server administrator received a warning when he remotely crashed the server running the game.

Auriemma masked some details in his presentation so as to not give too much information away, but he and Ferrante are planning to release advisories on the two vulnerabilities next Tuesday, the launch day for "Black Ops II," the latest game in the Call of Duty series. Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

Post Comment
Enter the details of the comment you'd like to post in the boxes below and click the button at the bottom of the form.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 13, 2012, 00:54

Iurand

DangerDog wrote on Nov 12, 2012, 13:01: CryEngine 3 server? I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release. Mechwarior Online and StarCitizen are using CryEngine.

Subject

Comment [quote="Iurand"Nov 13, 2012, 00:54][quote="DangerDog"Nov 12, 2012, 13:01]CryEngine 3 server? I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release. [/quote] Mechwarior Online and StarCitizen are using CryEngine. [/quote]

;) :( :o %) :) :| ;P X| :D More

If you have a signature set up, it will be automatically appended to your comment.
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.

Email me when this topic is updated.

Special Codes

b[bold text]b
i[italic text]i
u[underline text]u
-[~~strikethrough text~~]-
c[code text]c
+[bullet point]+
q[quote text (indented)]q
[quote="Author"]quote text (indented)[/quote]
[url=Link]text[/url]
r{red text}r
g{green text}g
b{blue text}b
m{maroon text}m
s{secret text (shows in the background colour)}s

Forum Rules

Disagree all you want but attacks of a personal nature will not be tolerated.
Ethnic slurs and homophobic language will not be tolerated.
Do not post spam, links to warez sites, or instructions on how to obtain pirated software.
Abusing the forums in any manner that could be construed as 'griefing' will not be tolerated.