Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:
Germany 08/31
Chicago, IL USA, IL 10/19

Regularly scheduled events

Modern Warfare 3 and CryENGINE 3 Vulnerable?

Researchers have discovered what's called "a serious vulnerability" in Call of Duty: Modern Warfare 3, reports Computerworld from the Power of Community (POC2012) security conference in Seoul in an article that also notes a different vulnerability in Crytek's CryENGINE 3 (these are two separate issues: Modern Warfare 3 uses Infinity Ward's IW Engine, derived from id Software technology). Researchers from security consultant ReVuln demonstrated a denial of service attack that could be used to crash a Modern Warfare 3 server, before using the game Nexuiz to show how running the server for a CryENGINE 3 game can be used to launch a remote shell on a client computer (thanks Ant via Slashdot). It sounds like they are holding out for a payday based on their discoveries:

The first problem the pair presented is a denial-of-service vulnerability in Call of Duty: Modern Warfare 3, made by Activision. Auriemma showed in a video how the server administrator received a warning when he remotely crashed the server running the game.

Auriemma masked some details in his presentation so as to not give too much information away, but he and Ferrante are planning to release advisories on the two vulnerabilities next Tuesday, the launch day for "Black Ops II," the latest game in the Call of Duty series. Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

Email Digg Facebook Twitter   Share More    


 

   Current Headlines
Get Hacknet - Deluxe for Free
Get Galactic Civilizations II for Free
Apple Rejects iOS Steam Link App
Wargaming Seattle Closing
Steam Spring Cleaning Event
Pillars of Eternity II: Deadfire Free DLC
DARK SOULS: REMASTERED Released
Destiny 2 6v6 Iron Banner Returning
On Sale
Evening Metaverse
Evening Tech Bits
Evening Safety Dance
Evening Legal Briefs
etc., etc.
Into the Black
New GeForce Drivers
Dauntless Open Beta
Cities: Skylines - Parklife Released
Extended Vampyr Video
TEKKEN 7 Free Anniversary DLC Next Week
  

 



footer

Blue's News logo