Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Modern Warfare 3 and CryENGINE 3 Vulnerable?

Researchers have discovered what's called "a serious vulnerability" in Call of Duty: Modern Warfare 3, reports Computerworld from the Power of Community (POC2012) security conference in Seoul in an article that also notes a different vulnerability in Crytek's CryENGINE 3 (these are two separate issues: Modern Warfare 3 uses Infinity Ward's IW Engine, derived from id Software technology). Researchers from security consultant ReVuln demonstrated a denial of service attack that could be used to crash a Modern Warfare 3 server, before using the game Nexuiz to show how running the server for a CryENGINE 3 game can be used to launch a remote shell on a client computer (thanks Ant via Slashdot). It sounds like they are holding out for a payday based on their discoveries:

The first problem the pair presented is a denial-of-service vulnerability in Call of Duty: Modern Warfare 3, made by Activision. Auriemma showed in a video how the server administrator received a warning when he remotely crashed the server running the game.

Auriemma masked some details in his presentation so as to not give too much information away, but he and Ferrante are planning to release advisories on the two vulnerabilities next Tuesday, the launch day for "Black Ops II," the latest game in the Call of Duty series. Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

Email Digg Facebook Twitter   Share More    


 

  
   Current Headlines
Battlefield Hardline Delayed to 2015
Dragon Age Inquisition Delayed
EA Financials
Merry Naxxramas
WildStar Sabotage Announced
Dead Rising 3 Preorders & DLC
Dark Souls II Crown of the Sunken King DLC Released
Steamships Ahoy - OlliOlli
Steamships Ahoy - Dungeon Defenders Eternity
FORCED 2: The Rush Announced
Assassin's Creed Unity Trailer
Guild Wars 2 Trailer
Gods Will Be Watching Thursday; New Trailer
Evening Crowdfunding Roundup
On Sale
Gatherings & Competitions
Evening Consolidation
Evening Mobilization
Evening Metaverse
Evening Tech Bits
  

 



footer

.. .. ..

Blue's News logo