Modern Warfare 3 and CryENGINE 3 Vulnerable? - Blue's News Comments

Blue's News

Send News. Want a reply? Read this. More in the FAQ. News Forum - All Forums - Mobile - PDA - RSS Headlines

Twitter

Modern Warfare 3 and CryENGINE 3 Vulnerable?

[Nov 12, 2012, 10:56 am ET] - Share - Viewing Comments

Researchers have discovered what's called "a serious vulnerability" in Call of Duty: Modern Warfare 3, reports Computerworld from the Power of Community (POC2012) security conference in Seoul in an article that also notes a different vulnerability in Crytek's CryENGINE 3 (these are two separate issues: Modern Warfare 3 uses Infinity Ward's IW Engine, derived from id Software technology). Researchers from security consultant ReVuln demonstrated a denial of service attack that could be used to crash a Modern Warfare 3 server, before using the game Nexuiz to show how running the server for a CryENGINE 3 game can be used to launch a remote shell on a client computer (thanks Ant via Slashdot). It sounds like they are holding out for a payday based on their discoveries:

The first problem the pair presented is a denial-of-service vulnerability in Call of Duty: Modern Warfare 3, made by Activision. Auriemma showed in a video how the server administrator received a warning when he remotely crashed the server running the game.

Auriemma masked some details in his presentation so as to not give too much information away, but he and Ferrante are planning to release advisories on the two vulnerabilities next Tuesday, the launch day for "Black Ops II," the latest game in the Call of Duty series. Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

View

9 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

9.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 13, 2012, 00:54

DangerDog wrote on Nov 12, 2012, 13:01: CryEngine 3 server? I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release. Mechwarior Online and StarCitizen are using CryEngine.

8.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 15:54

DangerDog wrote on Nov 12, 2012, 13:01: CryEngine 3 server? I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release. Doesn't a version MW:LL use Crysis 2? Is that still active? I know they also have a version based on Crysis Wars as well, but don't know which is first/second and uses what engine.

7.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 15:48

They don't care. They don't care about customer support, they don't care about hacking, they don't care about this.

Move along.




In this present crisis, government is not the solution to our problem; government is the problem. / Few men have virtue enough to withstand the highest bidder. Playing: RL

6.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 13:41

The BOOM exploit has been around FOREVER to remotely bring down an old iD (er... I mean completely new and updated) IW server. There is nothing new there and it has been a known exploit with almost every CoD PC release, and yet never permanently fixed despite release after release after release... There saved Activision some money, and you can almost bet the same vulnerability will still be there for Black Ops 2 as well. They did patch out that vulnerability in some of the releases... but always shows its head again on the next release.

5.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 13:20

Pay us $1000 a day and we'll fix your stacks to prevent buffer overflows!




proudly fragging noobs in deathmatch since 1999

4.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 13:01

CryEngine 3 server? I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release.

3.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 11:12

Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business. Activision: "They want money for it? Next." Like those assholes are going to pay money to FIX something in their shitty yearly fragfest. Creston

2.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 11:05

The attack, at the server level, enabled him to create a remote shell on a game-player's computer. I am convinced that all major games have issues like this, it's just that nobody ever bothered to research this or if they did, only for malicious purposes. And that they wait for a pay-day is obvious. They are after all, security consultants. ^^ They would be pretty terrible at their business if they'd just say how it works.

1.

Re: Modern Warfare 3 and CryENGINE 3 Vulnerable?

Nov 12, 2012, 10:53

A Denial of Service (DoS) attack isn't something to be particularly worried about. Game servers have always been bad about that, opting to reboot and move on. A remote code execution attack on CryEngine 3 on the other hand is much more serious, but without more details it's hard to say just how bad it is. Though the whole thing smells like a publisher shakedown by Auriemma.

9 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

footer

.. ..

Copyright © 1996-2013 Stephen Heaslip. All rights reserved.
All trademarks are properties of their respective owners.

News CGI copyright © 1999-2013 James "furn" Furness & Blue's News.
All rights reserved.

Chatbear v1.4.0/blue++: Page generated 22 May 2013, 00:21.
Chatbear Announcements.