Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Modern Warfare 3 and CryENGINE 3 Vulnerable?

Researchers have discovered what's called "a serious vulnerability" in Call of Duty: Modern Warfare 3, reports Computerworld from the Power of Community (POC2012) security conference in Seoul in an article that also notes a different vulnerability in Crytek's CryENGINE 3 (these are two separate issues: Modern Warfare 3 uses Infinity Ward's IW Engine, derived from id Software technology). Researchers from security consultant ReVuln demonstrated a denial of service attack that could be used to crash a Modern Warfare 3 server, before using the game Nexuiz to show how running the server for a CryENGINE 3 game can be used to launch a remote shell on a client computer (thanks Ant via Slashdot). It sounds like they are holding out for a payday based on their discoveries:

The first problem the pair presented is a denial-of-service vulnerability in Call of Duty: Modern Warfare 3, made by Activision. Auriemma showed in a video how the server administrator received a warning when he remotely crashed the server running the game.

Auriemma masked some details in his presentation so as to not give too much information away, but he and Ferrante are planning to release advisories on the two vulnerabilities next Tuesday, the launch day for "Black Ops II," the latest game in the Call of Duty series. Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

Email Digg Facebook Twitter   Share More    


 

  
   Current Headlines
Battlezone (1998) Remake Plans
Scrolls Closing
LEGO Minifigures Online Relaunched
DiRT Rally Patched
World of Fishing EU Closed Beta
Albion Online Summer Alpha Begins
On Sale
Evening Crowdfunding Roundup
Evening Interviews
Evening Screenshots
Evening Consolidation
Evening Mobilization
Evening Metaverse
Evening Tech Bits
Evening Safety Dance
Evening Legal Briefs
Into the Black
Steam Hardware Early Preorders Sold Out
The Bard's Tale IV Chris Avellone Stretch Goal
Mafia 3 Domains Ratted Out
  

 



footer

Blue's News logo