'Unreal' critical flaw lets in attackers

• Tags:
• Attackers,
• Security Hole,
• Unreal,
• Hackers

David Becker CNET News

Published: 23 Jun 2004 09:15 BST

• 
• 
• 
• 
• 

A security researcher warned on Tuesday of a "critical" flaw in a widely used piece of game software that could let attackers take over vulnerable PCs.

Security company Secunia issued a bulletin warning of the flaw in some versions of the "Unreal" game engine, used by numerous PC games. Most game publishers using the engine have already issued patches, however, to plug the hole.

According to the bulletin, malicious hackers could send a string of junk data to the security tool the Unreal engine uses to verify online game servers. Once the security tool was comprised by such a "buffer overrun," the attacker would be able to execute code at will on the machine.

Games affected by the flaw include five versions of "Unreal," all of which are secured by patches released last week, plus shooting games "Postal 2" and "Deus Ex," also fixed by recent patches.

The flaw was discovered by independent security researcher Luigi Auriemma, whose work has played a major role in publicising online gaming as a possible vector for security threats. Auriemma discovered several flaws in software used by GameSpy, a popular online game-hosting service, and fought with the company to publicise the holes.

As they develop more online capabilities, games have become an increasingly popular avenue for online miscreants. A recently patched flaw in the shooting game "Half-Life" and its popular online offshoots opened a door for denial-of-service attacks, while the GameSpy service and software have been the subject of several security alerts.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed