SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.
References
Link | Resource |
---|---|
https://github.com/RektInator/cod-steamauth-rce | Exploit Third Party Advisory |
https://github.com/momo5502/cod-exploits/tree/master/steam-auth | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-04-19 16:29
Updated : 2019-04-22 10:10
NVD link : CVE-2018-20817
Mitre link : CVE-2018-20817
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
activision
- call_of_duty\