
Vulnerability Found In Skyrim, Fallout, Other Bethesda Games

Soulskill posted about a year ago | from the beware-meddling-daedra dept.

Bug 179

An anonymous reader writes "The author of this article goes over a format string vulnerability he found in The Elder Scrolls series starting with Morrowind and going all the way up to Skyrim. It's not something that will likely be exploited, but it's interesting that the vulnerability has lasted through a decade of games. 'Functions like printf() and its variants allow us to view and manipulate the program’s running stack frame by specifying certain format string characters. By passing %08x.%08x.%08x.%08x.%08x, we get 5 parameters from the stack and display them in an 8-digit padded hex format. The format string specifier ‘%s’ displays memory from an address that is supplied on the stack. Then there’s the %n format string specifier – the one that crashes applications because it writes addresses to the stack. Powerful stuff.'"
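The bug class the summary describes, written up as an added example (not Bethesda's code or the article's): a hypothetical console-logging routine that passes the user's typed line straight to a printf-family function as the format, beside the hardened form and a boundary check that flags any line still carrying conversion directives. `console_log_vulnerable`, `console_log_fixed` and `audit_format_string` are names assumed here for illustration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical console-logging routine, modelled on the pattern the article
 * describes: user-typed console text is handed to a printf-style function
 * as the format argument. This is NOT the games' real code. */

/* Vulnerable pattern: the user's string becomes the format string, so any
 * '%' directive typed into the console is interpreted by vsnprintf and
 * reads (or with %n, writes) through whatever happens to be on the stack.
 * Calling this with user text that contains '%' is undefined behaviour. */
static int console_log_vulnerable(char *out, size_t outsz, const char *user_text)
{
    return snprintf(out, outsz, user_text);   /* the bug: non-literal format */
}

/* Hardened pattern: a fixed format; user text is only ever a %s argument,
 * so '%' characters in it are copied literally and never interpreted. */
static int console_log_fixed(char *out, size_t outsz, const char *user_text)
{
    return snprintf(out, outsz, "%s", user_text);
}

/* Returns true if the hardened routine reproduces the user text byte for
 * byte, including any '%' sequences. */
static bool fixed_copies_literally(const char *user_text)
{
    char buf[128];
    int n = console_log_fixed(buf, sizeof buf, user_text);
    return n == (int)strlen(user_text) && strcmp(buf, user_text) == 0;
}

/* Defensive check for the console boundary: count conversion directives in
 * a line that could still reach a printf-family format parameter, and count
 * %n separately since it stores through a pointer argument. A non-zero
 * result is what a validator would reject or log. "%%" is a literal '%'. */
typedef struct {
    int directives;   /* %-conversions, excluding "%%" */
    int writes;       /* occurrences of %n */
} fmt_audit;

static fmt_audit audit_format_string(const char *s)
{
    fmt_audit a = {0, 0};
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;           /* "%%": literal percent sign */
        /* skip flags, width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) p++;
        if (!*p) break;                    /* dangling '%' at end of line */
        a.directives++;
        if (*p == 'n') a.writes++;
    }
    return a;
}

int main(void)
{
    /* Constructed sample input: the probe string quoted in the summary. */
    const char *probe = "%08x.%08x.%08x.%08x.%08x";
    fmt_audit a = audit_format_string(probe);
    printf("directives=%d writes=%d literal_copy=%s\n",
           a.directives, a.writes, fixed_copies_literally(probe) ? "yes" : "no");
    (void)console_log_vulnerable;          /* kept only to show the pattern */
    return 0;
}
```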


179 comments


Whats the purpose of this (1)

tratraa (2921011) | about a year ago | (#43700935)

You can read and manipulate the stack in debuggers like Ollydbg [ollydbg.de]. It's a much better way than trying to do so via a game's console. And you can modify the code too. I just don't see what's the use of this.

Re:Whats the purpose of this (4, Informative)

gl4ss (559668) | about a year ago | (#43701017)

getting hits. no other purpose.

"So far, the only feasible way to exploit the game I’ve come up with is by some sort of hand crafted mod or plugin for the game as that would have access to the scripting console on which the vulnerabilities lie. That said, it would be difficult to exploit in the wild also due in part to the video games having no network capability."

don't mods or plugins already get to pretty much do whatever they want? that is, I wasn't under the impression that they're in some security sandbox.

Re:Whats the purpose of this (0, Troll)

Opportunist (166417) | about a year ago | (#43701103)

Well, considering how games tend to run with admin privileges on Windows because of DRM, I could well see some attack vector here.

Re:Whats the purpose of this (-1)

Anonymous Coward | about a year ago | (#43701143)

Citation needed.

I have a lot of games installed on my PC and none of them require admin rights.

Re:Whats the purpose of this (1, Informative)

Anonymous Coward | about a year ago | (#43701201)

These games require Steam as DRM. Steam very often asks for admin privileges when starting games. With some games it's only once. With others it's every single time you start the game. It's really annoying. Plus, Steam has a background process with admin rights running. No idea how much access games have there but it's there. DRM is definitely an added security risk.

Re:Whats the purpose of this (-1)

Anonymous Coward | about a year ago | (#43701215)

Ok, so that's a few games that are Steam exclusive. I don't play anything that requires Steam, so what about the other 99% of games that don't require admin rights?

Re:Whats the purpose of this (1, Insightful)

Anonymous Coward | about a year ago | (#43701403)

As much as I'd love to not use bloated junk like Steam, it's just no longer an option. Almost all newly released big games require Steam/Origin/Uplay. Even more and more indie games are exclusively released on Steam. Unfortunately they have a near-monopoly on the PC.

Re:Whats the purpose of this (5, Informative)

Sable Drakon (831800) | about a year ago | (#43701729)

Just how is Steam bloated? Looking at its two processes right now, it's barely using 11MB of system RAM... The Dropbox client uses more than that and does a whole lot less... Windows Explorer uses even more than Steam. Browsers? Far more RAM usage.. That's far from bloated considering according to Steam's monthly hardware surveys where the average gaming PC is running a minimum of 4GB of RAM or more. Seriously, look at the numbers yourself: 21.85% have 4GB, 23.48% have 8GB, and 9.62% have in excess of 12GB... Soooo 10-12MB of RAM is honestly a drop in the bucket for the average PC gamer. You may want to get your facts straight before posting, but then again posting as AC is there for those who love to troll and comment inaccuracies.

Re:Whats the purpose of this (-1)

Anonymous Coward | about a year ago | (#43701911)

If Steam/Origin/Uplay require more than precisely 0 RAM or CPU, that's too much because it's an artificial necessity.

Re:Whats the purpose of this (4)

F.Ultra (1673484) | about a year ago | (#43701943)

Please give me access to your magical application store application that uses zero resources.

Re:Whats the purpose of this (3, Informative)

Anonymous Coward | about a year ago | (#43701995)

gog.com [gog.com]

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43702103)

"barely using 11MB of system RAM"

My first computer had 5kB of RAM, you insensitive clod!

Re:Whats the purpose of this (-1, Flamebait)

Khyber (864651) | about a year ago | (#43702363)

"Looking at it's two processes right now, it's barely using 11MB of system RAM.."

Just did a fresh startup of Steam - 110MB Steam.exe

Very likely your low usage is because you don't have a FUCKHUGE library of games.

You may want to get your facts straight and understand how the system actually works before you go making yourself look like a fool by posting something as if it's fact when in reality it's a VARIABLE.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43701847)

That's odd, I still play lots of PC games and none of them need Steam, Origin or Uplay. I'm not finding it difficult to avoid them at all.

Re:Whats the purpose of this (1)

interval1066 (668936) | about a year ago | (#43702195)

As much as I'd love to not use bloated junk like Steam...

Really? In any case, I suppose, secure institutions don't as a rule allow random software installations, especially games, so, unless you want to p0wn your friend's pc, we're probably ok here.

Re:Whats the purpose of this (1)

Anonymous Coward | about a year ago | (#43701253)

Morrowind and Oblivion don't require Steam.

Re:Whats the purpose of this (5, Insightful)

The MAZZTer (911996) | about a year ago | (#43701625)

Steam only asks for admin when performing installation steps, as installers often require admin privileges. And this is stuff like DirectX, C++ runtimes, etc so it's understandable since that stuff goes into system32.

The game itself is not run as admin.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43701819)

i have several games on steam that require admin rights to run -- not just to install or update, but to simply play the game. no bethesda titles in my library, but fact is, some games insist on admin rights to play.

Re:Whats the purpose of this (1)

Anonymous Coward | about a year ago | (#43701861)

If a game needs admin rights, it's either malware/spyware or it's poorly programmed. There is absolutely no reason a game or any non-system maintenance application should need admin. If you do have games that require it and it's not stated on the box or the download page, then I'd demand a refund.

Re:Whats the purpose of this (1)

bmo (77928) | about a year ago | (#43701869)

i have several games on steam that require admin rights to run

Why do you continue to play them?

Also, please name them so people can know what to avoid.

Seriously, this is shit that should have died last century.

--
BMO

Re:Whats the purpose of this (5, Insightful)

Anonymous Coward | about a year ago | (#43702121)

i have several games on steam that require admin rights to run

Why do you continue to play them?

Also, please name them so people can know what to avoid.

Seriously, this is shit that should have died last century.

--
BMO

He can't name them, because he's spouting BS, like most Steam-hating trolls. They're just angry that VAC noticed them being stupid hacking trolls.

Re:Whats the purpose of this (-1)

Anonymous Coward | about a year ago | (#43702335)

Steam-hating = DRM & artificial resource use hating
Steam-loving = Freedom-hating & apathetic

Re: Whats the purpose of this (1)

AvitarX (172628) | about a year ago | (#43702157)

I think maybe Rome total war? I can't recall personally, but older games that write config into their folder is my assumption of the cause. Though windows handles that somehow now, so maybe not.

The app that most surprises me is super requiring it.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43702143)

Can you throw some examples? I don't have a single steam game that requires admin rights to play.

I bet this happens because you installed steam in "program files" directory (which is the default). Program Files is a protected directory and normally only an administrator can write there. The problem will probably go away if you install steam in different location where non-admins have right to write too (c:\games or something like that). Or alternatively, if you grant modify access to steam folder for normal users.

Well behaving programs or games should not write under application directory. Unfortunately many (especially older) games aren't well behaving in this regard. There are %appdata%, %programdata% etc folders for this kind of stuff.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43701175)

This is just plain false.

Re:Whats the purpose of this (1)

gl4ss (559668) | about a year ago | (#43701477)

Well, considering how games tend to run with admin privileges on Windows because of DRM, I could well see some attack vector here.

I don't remember these games requiring that.

but my point was that you've already pretty much accepted the risk when using a mod - a mod that has potentially whatever code in it.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43702023)

And this is a great example of how misinformed and delusional Slashdot users are. +5, Informative? More like -5, Clueless.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43702059)

you know windows removed the %n format specifier years ago right? it's still going to be exploitable in theory because of pop/pop/.../ret sequences, but the person reporting, like you, obviously has never exploited this bug based on the premise one can write to arbitrary locations with a %n, which just isn't true sans security-brain-dead OSs like Linux. Anyways, cool story bro.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43702209)

Would you name some of these games that require admin privileges? I would like to check them out to see if it's true.

Modded to +5 Informative because (5, Informative)

benjymouse (756774) | about a year ago | (#43702221)

It knocks both DRM and Windows in one sentence. Which is popular on slashdot.

Facts don't matter, accuracy doesn't matter. Comments can be outright lies (like this one) and still achieve the highest ranking as *informative* just because it plays to a popular myth.

No, games are *not* run with admin rights. No they do *not* need to run with admin privileges, not even to use DRM. Especially not the online DRM variety that steam uses.

Re:Whats the purpose of this (0)

Anonymous Coward | about a year ago | (#43702185)

don't mods or plugins already get to pretty much do whatever they want? that is, I wasn't under the impression that they're in some security sandbox.

At least in Morrowind and Oblivion, mods are "sandboxed" in the sense that they do not contain any native code, and use a scripting language that only gives them access to game state, not permission to open files, etc.

So though I doubt we'll see a deluge of trojan Morrowind mods, it's a "real" exploit in the sense that mods can do more than was intended.

I'm sure you could find any number of buffer overflows if you looked, too. The security awareness in the industry is abysmal, all the way from the drivers [slashdot.org] to even simple game launchers. [seclists.org]

Those games crash easily (5, Insightful)

loufoque (1400831) | about a year ago | (#43700981)

Those games crash easily, isn't that proof enough they're full of vulnerabilities that you could exploit to run arbitrary code?
Now the question is, why does it matter? It's a game, not a production server.

Re:Those games crash easily (-1)

Anonymous Coward | about a year ago | (#43700991)

I can smell your rancid asshole from miles away, and the smell makes my little white tadpole friends restless! I want to dip my fetid cock right into your rotting rectum! What say you?

I have a disgusting smile on my face.

Re:Those games crash easily (1)

muphin (842524) | about a year ago | (#43701015)

isn't this what "Trainers" do ?

Re:Those games crash easily (4, Insightful)

Opportunist (166417) | about a year ago | (#43701107)

Because a hijacked machine is a hijacked machine. It can be used to send spam, participate in a DOS or mine bitcoins. And given that it's games we're talking, and power hungry games too, it's likely that you get a machine with a very powerful GPU and CPU.

Re:Those games crash easily (3, Insightful)

Anonymous Coward | about a year ago | (#43701189)

How would you even exploit this for hijacking? You have to inject malformed strings into a vsprintf() function that's called for console error output. Sure, load the code file, craft a string full of %x and ... call vsprintf() ??? I mean, what do you get this way that you don't by just calling into libc's function directly? And to hack the running game you need to attach as a debugger ... what privileges did your hacking process have again? If you're already at system level why bother with hacking skyrim? and if not, you're not going to get anything more than you already have. You could hack it from some mod I suppose, but that'd be like deciding to pick the lock for your own door while it's standing open.

That said, it's really sloppy code for the console command parser. It's not like the rest of the game is doing anything at the time so you absolutely can't afford to have an input validator active in there.

Re:Those games crash easily (0)

Anonymous Coward | about a year ago | (#43701883)

I love it how you include "mine bitcoins" in your list of online criminal activities. As if it were relevant enough to people's interests here. It isn't. A few editors have likely invested in one of the exchanges judging by the spam that gets posted here, but apart from that it's exactly as you classified it, online criminal activity.

Re:Those games crash easily (1)

jareth-0205 (525594) | about a year ago | (#43701191)

Because http://xkcd.com/1200/ [xkcd.com]

Don't you care about your personal security?

Re:Those games crash easily (0)

Anonymous Coward | about a year ago | (#43702105)

That comic makes no sense. How would someone who stole your laptop magically know your passwords?

Re:Those games crash easily (1)

countach74 (2484150) | about a year ago | (#43702165)

Because sessions don't exist. Granted PayPal/bank accounts probably require authentication every time, but I imagine many people use their favorite web browser's "save password information" feature on those sites. I think the comic makes plenty of sense: for most people, if their user account on their laptop is compromised, bad things can/will happen.

Did we really need (0)

Anonymous Coward | about a year ago | (#43700995)

An explanation of printf format syntax in the summary?

Re:Did we really need (3, Insightful)

liamevo (1358257) | about a year ago | (#43701071)

Every time something many people understand in the summary isn't explained, people complain.
Every time something many people understand in the summary is explained, people complain.

Re:Did we really need (1)

PopeRatzo (965947) | about a year ago | (#43701355)

Every time something many people understand in the summary is explained, people complain.

I don't recall seeing people complain when a summary is explicit about something, only when it is not explicit.

Readers are trained to skim over information with which they are familiar. It comes from years of textbook use. It's much more frustrating when an important bit of information is left out.

Re:Did we really need (1)

NoNonAlphaCharsHere (2201864) | about a year ago | (#43701325)

It's a direct quote from TFA*.

*"The Fucking Article"

Re:Did we really need (0)

Anonymous Coward | about a year ago | (#43701603)

Apparently. I'm not a particularly good programmer, but I thought that people weren't supposed to use printf() any more in favor of sprintf()

Re:Did we really need (1)

_Shad0w_ (127912) | about a year ago | (#43701879)

One of those writes to stdout and one of them writes to a string, they're not really interchangeable if your aim is to display something on screen...

I think you're getting confused with the fact that using ?sprintf(), ?scanf(), etc. is discouraged in favour of using their ?sn* counterparts, due to buffer overrun possibilities, but I could be wrong. Calling printf() with an un-sanitized user supplied format string is also discouraged, because it may contain a %.

printf() is just a wrapper for vfprintf() with the FILE parameter as stdout, I believe (it is in glibc anyway).

Am I the only professional C/C++ coder ... (2)

Viol8 (599362) | about a year ago | (#43700997)

.... who has never used the %n formatter? I'd heard of it but I had to go and google it to find out what it did because I couldn't even remember.

The only use I can see for it is for figuring out single line formatting lengths after you've printed some string but that's pushing it a bit since surely any half decent coder would preformat a string before outputting it?

Are there any "killer app" uses for %n that anyone can think of?

Re:Am I the only professional C/C++ coder ... (1)

Anonymous Coward | about a year ago | (#43701063)

It's used for sscanf():
http://stackoverflow.com/questions/353614/are-there-any-practical-applications-for-the-format-n-in-printf-scanf-family

Re: Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701067)

Are there any "killer app" uses for %n that anyone can think of?

%no

Re: Am I the only professional C/C++ coder ... (1)

Greyfox (87712) | about a year ago | (#43701727)

The printf family of functions is really the most convenient way to format output in C. Anything else you have to write yourself, or bring in an external library for. And it's perfectly safe as long as you don't directly printf or sprintf a string a user has input. Or screw up the number of parameters you pass it.

My current project is in C++ and I still find myself missing printf/sprintf. iostream operations are a bit more work to get the same stuff done. So far I haven't run into an instance where I've HAD to fall back to the old school library calls for that, so I'm trying to be good.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701219)

Making it easy to create backdoors.

Re:Am I the only professional C/C++ coder ... (-1)

Anonymous Coward | about a year ago | (#43701227)

"professional" and "C/C++", quite an oxymoron.

Re:Am I the only professional C/C++ coder ... (1, Insightful)

Lumpy (12016) | about a year ago | (#43701445)

Says a whiny C# "programmer"

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701509)

No he has a valid point. There are very few people who know c++ and that I would consider professional, probably .02% and the rest are just people who think they are c++ programmers. Even in extremely high quality c++ apps there are many bugs, I can only imagine how bad it is out in the field at companies that don't employ anywhere near the top rung of intelligence. I'd suspect you yourself are the type that should be writing code with a helmet.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701559)

A professional is someone getting paid to code.
It has nothing to do with what you consider them to be, or whether they meet your standards.

Re:Am I the only professional C/C++ coder ... (1)

jones_supa (887896) | about a year ago | (#43701597)

the rest are just people who think they are c++ programmers

That's enough for many jobs.

Re:Am I the only professional C/C++ coder ... (1)

Anonymous Coward | about a year ago | (#43701631)

I'm a professional C coder, I have professionally done C++ as well. And I have news for you. Not everything is a webpage, and most of the platform software you work in was written in either C or in C++, and guess what, it typically isn't that buggy. Maybe it's a surprise to you, but at some level you actually have to program at a level below the virtual machine, and if you're say, interacting directly with hardware, then all your trendy high level languages go right out the window, and C/C++, the work horses of industry come out to play. Or say you have some performance critical work, again, the overhead of a managed language is just not acceptable.

Now I need to go off and point out where it's been found that a C coder writes better java than a java programmer, and a C coder writes better C# than a C# programmer.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701653)

Which is why Most OS and embedded stuff is written in C.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43702089)

There are very few people who know $LANGUAGE and that I would consider professional, probably .02% and the rest are just people who think they are $LANGUAGE programmers.

True for any value of $LANGUAGE.

Re:Am I the only professional C/C++ coder ... (4, Informative)

_Shad0w_ (127912) | about a year ago | (#43701901)

Some of us C# programmers started life as C programmers, became C++ programmers at some point, and have now ended up as C# ones. You go where the money is; that's what being a professional is: doing something for money.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43702243)

And some of us have never done C/C++ outside of college but still try to write clean, efficient code. It has almost nothing to do with the language and almost everything to do with skill.

Blaming the tools implies that you lack skill. The best way to solve this is to not lack skill. Sadly, most take the easy way rather than the best way.

Re:Am I the only professional C/C++ coder ... (1)

Guru80 (1579277) | about a year ago | (#43701953)

You seem to be confusing Professional (basically just a fancy word stating I get paid for what I do) and Expertise (expert skill or knowledge in a particular field). Neither require the other to be true.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701231)

Step 1: Make a mod for one of those games. Something simple that requires no exe files. Simple copy/pasta type install.
Step 2: Mod abuses this vulnerability.
Step 3: Mod sets up a botnet rootkit on the host machine, to lie dormant until fed orders.
Step 4: Have the FBI partyvan show up at your house for participating in a DDOS.

Re:Am I the only professional C/C++ coder ... (0)

Anonymous Coward | about a year ago | (#43701969)

the only way to really get mods out there to the few hundred or so that mod their es/fallout games is to put it on something like nexus, with a registered username(and ip address). So if you followed this through all the way to step 4, it would be pretty easy to follow the steps backwards to find out who you are or at least establish how the activity happened.

Re:Am I the only professional C/C++ coder ... (1)

Anonymous Coward | about a year ago | (#43701235)

Pre-formatting strings requires extra memory (an amount which could be significant on the systems C was originally designed for), and the buffer has to be sized for the worst possible case if you only have C89 (snprintf wasn't added until C99).

Re:Am I the only professional C/C++ coder ... (2)

garutnivore (970623) | about a year ago | (#43701271)

Are there any "killer app" uses for %n that anyone can think of?

According to the summary, with %n you can write a killer app that kills other apps:

"Then there’s the %n format string specifier – the one that crashes applications because it writes addresses to the stack."

Re:Am I the only professional C/C++ coder ... (3, Informative)

Impy the Impiuos Imp (442658) | about a year ago | (#43701811)

Actually it's for use further down the road in the same printf string, IIRC. You %n something, then use the value in some later argument, not in a completely different printf. Indeed, the purpose is to keep you from needing multiple printfs when output depends on dynamic calculation of lengths of what went before on the same line.
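The two legitimate uses of %n raised in this subthread (consumed-character counting in sscanf, per the StackOverflow link above, and measuring where on an output line a value lands), as an added example that is not from the article or the games. In both, %n appears only in a format string the program itself controls; `parse_ints` and `format_labelled` are names assumed here. Note that Microsoft's CRT disables %n in the printf family by default, which is what the "windows removed %n" remark earlier in the thread refers to, so the second function is portable only to libcs that support it.

```c
#include <stdio.h>
#include <string.h>

/* 1. Incremental parsing with sscanf: %n records how many input characters
 *    the preceding conversions consumed, so the caller can advance through
 *    the line one token at a time without a tokeniser. Returns the number
 *    of integers parsed; stops at the first non-integer token. */
static int parse_ints(const char *line, int *out, int max_out)
{
    int count = 0;
    const char *p = line;
    while (count < max_out) {
        int value, consumed = 0;
        /* %n is not a conversion, so sscanf's return value counts only %d. */
        if (sscanf(p, "%d%n", &value, &consumed) != 1) break;
        out[count++] = value;
        p += consumed;
    }
    return count;
}

/* Convenience wrapper: sum of all leading integers on the line. */
static int sum_ints(const char *line)
{
    int v[32];
    int n = parse_ints(line, v, 32), total = 0;
    for (int i = 0; i < n; i++) total += v[i];
    return total;
}

/* 2. Measuring output position: %n stores the number of characters written
 *    so far, i.e. the column at which the value starts, so a continuation
 *    line can be indented to align under it. Returns that column, or -1 if
 *    the output was truncated (in which case the column is not meaningful). */
static int format_labelled(char *buf, size_t bufsz, const char *label, int value)
{
    int col = -1;
    int n = snprintf(buf, bufsz, "%s: %n%d", label, &col, value);
    if (n < 0 || (size_t)n >= bufsz) return -1;
    return col;
}

int main(void)
{
    /* Constructed sample input: a console-style line of integer arguments. */
    const char *line = "10 20 30 x 40";
    int v[8];
    int n = parse_ints(line, v, 8);
    printf("parsed %d ints, sum %d\n", n, sum_ints(line));

    char buf[64];
    int col = format_labelled(buf, sizeof buf, "health", 100);
    printf("%s\n%*s^ value starts at column %d\n", buf, col, "", col);
    return 0;
}
```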

bfd (0)

jimmydevice (699057) | about a year ago | (#43700999)

wtf

LOL (0)

Anonymous Coward | about a year ago | (#43702397)

BBQ?

Wow, some discovery (5, Insightful)

Rosco P. Coltrane (209368) | about a year ago | (#43701021)

stdio functions often lead to stack overflows. News at ten...
What next? Null pointers are bad, m'kay...?

Re:Wow, some discovery (5, Insightful)

Dunbal (464142) | about a year ago | (#43701047)

Null pointers don't kill programs, it's sloppy programmers who kill programs.

Re:Wow, some discovery (0)

Anonymous Coward | about a year ago | (#43701851)

I've been doing C for three decades and Null pointers still kill my programs.
As for my sloppiness, I've written a bug-free kernel driver on paper napkin with a pencil and poorly translated specs I had faxed over on vacation just the other week.
You'd imagine me not bringing a laptop on vacation would be a big enough deterrent to leave me be on my first week off in 2 years. Next time I won't take my cellular...

Re:Wow, some discovery (2, Insightful)

Anonymous Coward | about a year ago | (#43701963)

But you've got to admit, null pointers do make it a hell of a lot easier to find the bug. Dangling and uninitialized pointers, those are the dangerous ones.

Re:Wow, some discovery (1)

mlookaba (2802163) | about a year ago | (#43701933)

Null pointers don't kill programs, it's sloppy programmers who kill programs.

There is no legitimate use for null pointer exceptions. We should ban them. Think of the children.

Re:Wow, some discovery (0)

Anonymous Coward | about a year ago | (#43702151)

...it's sloppy programmers who kill programs.

This is a very bad perspective. One of the biggest challenges programmers face is our brains are not designed to be able to hold an entire program in memory and understand it all at the same time. It doesn't matter how smart or careful the programmer or how good the code is, the human race has these limitations. Any programming technique we can use to reduce how much the brain has to keep track of is a good thing.

Null pointers are nasty. I have worked in programming languages that have them but have undefined behavior when using them (C / C++), languages that throw exceptions when using Null pointers (C# / Java), and languages that either don't have them or make them very difficult (Haskell / F#). It takes using a language without them or at least makes them optional to realize how big of a mistake they are.

Re:Wow, some discovery (5, Insightful)

Opportunist (166417) | about a year ago | (#43701131)

How about putting a structure you allow the user to specify the length of on the stack [offensive-security.com] ? Like it was done in the animated cursor in Windows (and of course exploited for an attack).

And, unlike games, that was in an OS that has been under attack for years when this was exploited.

Game developers usually don't consider security when they develop. If anything should be a dead giveaway, it's how DRM is implemented. I think we're going to see a lot more exploits targeting games in the future. For very obvious reasons:

- Tend to run with admin privileges due to DRM
- Little to no consideration for security during development
- AAA-titles usually widely spread, leaving a big attack surface
- Tend to be used with rather powerful machines due to requirements of the graphics engine

And those are only the reasons that I could come up with without even thinking.

Re:Wow, some discovery (1)

Impy the Impiuos Imp (442658) | about a year ago | (#43701835)

Because this can be exploited by changing printf strings, if you can change string tables, rather than running code or even executable files -- string tables are regularly manipulated by design for language translations -- you can get your foot in the door, first for examining and programming stacks.

Re:Wow, some discovery (1)

jones_supa (887896) | about a year ago | (#43701633)

What next? Null pointers are bad, m'kay...?

Well, then there is a recommendation of replacing fopen() with fopen_s() for improved safety [drdobbs.com] . It was previously a Microsoft extension, but now is part of the C11 standard (Annex K).

Re:Wow, some discovery (0)

Anonymous Coward | about a year ago | (#43701927)

Now that's actually a good one. Why did they need a new function for it though?

Re:Wow, some discovery (1)

jones_supa (887896) | about a year ago | (#43701997)

There is always the possibility that some application depends on the exact behavior of fopen() related to such cases so it would be too dangerous to go tampering with it.

Re:Wow, some discovery (1)

am 2k (217885) | about a year ago | (#43701647)

stdio functions often lead to stack overflows. News at ten...

Well, it's interesting insofar as this is a rookie mistake you usually fall into in your first year of programming in C, and never again afterwards. It's amazing that such programmers are working in a very high profile gaming company.

So? (0)

Anonymous Coward | about a year ago | (#43701023)

Why would anyone care to exploit a game which is running on their local computer (Unless they want to bypass a drm scheme)?

Re:So? (-1, Troll)

Opportunist (166417) | about a year ago | (#43701135)

9 out of 10 AAA-titles on Windows require admin privileges due to their DRM scheme. This alone makes games an interesting attack vector. If I can hijack something running with admin privileges, I can easily install whatever I deem fit into your machine.

Now add that games are usually done with far less concern for security than, say, Windows or Acrobat Reader (yes, it's possible...), making it certainly a lot easier to find something exploitable. Also, it's very unlikely that the average game developer reacts as quickly as MS does by now.

Re:So? (4, Informative)

Tridus (79566) | about a year ago | (#43701267)

Skyrim doesn't require Admin, and it happens to be the most recent of the games listed here.

In fact, I'm pretty sure this claim is total bullshit.

Re:So? (0)

Anonymous Coward | about a year ago | (#43701389)

No you could DoS Skyrim quite easily, granted it would be easy to fix, but it's still an apt display of how shit Bethesda's programming is.

Re:So? (2)

Lumpy (12016) | about a year ago | (#43701457)

Just playing the games and seeing all the glitches everywhere is an apt display of that.

Cripes I know of several places where there are glaring, insane glaring bugs in skyrim. The freaking game engine has been around forever but the same bugs exist in it through both fallouts, and then finally Skyrim.

Re:So? (1)

flimflammer (956759) | about a year ago | (#43701783)

9 out of 10 AAA-titles on Windows require admin privileges due to their DRM scheme.

Bullshit.

No they do not (0)

Anonymous Coward | about a year ago | (#43702155)

Throwing false claims around? Software (games included) often requires admin to *install*. As it should. Nothing should install on my machine without requiring some form of elevated privileges.

Games no longer require admin to run. I challenge you to come up with a single recent AAA-title that must be run under an admin account.

Vista basically took care of that. The UAC prompt taught game developers to behave and use regular user accounts. Even if you launch Steam running as administrator, neither Steam nor its titles run with administrator privileges. That's because Windows strips admin privileges from process tokens.

Quit FUDing, please.

Third Party Content. (0)

Anonymous Coward | about a year ago | (#43701027)

Question is, can this be exploited by third party content such as mods? The Elder Scrolls modding scene has only grown since Skyrim and could become an interesting malware vector.

Re:Third Party Content. (1)

Dunbal (464142) | about a year ago | (#43701053)

There are far simpler ways of installing malware on your machine than by going through an exploit in the game. Like, having the installer for your mod install it for you.

Re:Third Party Content. (1, Insightful)

Opportunist (166417) | about a year ago | (#43701145)

Certainly. But that's just the tip of the iceberg.

Not every game allows modding, but a lot of them make very interesting attack vectors. Imagine WoW having an exploitable angle. Aside from the obvious target (getting access to the WoW account and stripping it), what do you think would happen if there was a way to infect machines running WoW by, say, slipping an infected version of a popular mod into one of the download areas?

And then we're really talking about some serious attack surface. Skyrim is a fairly small one, actually. Yes, it was a popular game, and it has a very active modder scene, but the amount of people modding the game is not as big as it may seem at first. While OTOH I don't know anyone playing WoW who doesn't use certain "must have" plugins.

And I'm pretty sure one could come up with more "interesting" vectors. How about infected servers for multiplayer FPS games? Do you know the servers you play CoG, CS or TF2 on well enough to know that they will be ok, in case there is a vector for your game?

Re:Third Party Content. (0)

Anonymous Coward | about a year ago | (#43701375)

Like, having the installer for your mod install it for you.

Speaking of which... I haven't looked into Morrowind or Skyrim yet, but Oblivion allows running batch files from inside the game. Mods can install and launch such things as well.

Elder Scrolls online is not coded by Bethesda (2)

maweki (999634) | about a year ago | (#43701321)

"One thing I am looking forward to is the newest Elder Scrolls game by Bethesda – The Elder Scrolls Online. This online capability might just make remote exploitation of my 0day feasible. Why? If the same vulnerability is present in Morrowind released in 2002 is still present in Skyrim (released 2012), the odds are in my favor that the same vulnerability will be in the latest game release."

Odds are, Zenimax, the company actually developing The Elder Scrolls Online, is using a different engine than Skyrim.

http://www.gameinformer.com/b/features/archive/2012/05/25/why-the-elder-scrolls-online-isn-39-t-using-heroengine.aspx [gameinformer.com]

"We started ZeniMax Online from scratch [...]. It takes a long time to write game engines, especially MMO engines, which are inherently more complicated than typical single-player ones."

Re:Elder Scrolls online is not coded by Bethesda (1)

MachDelta (704883) | about a year ago | (#43701377)

TESO is slated to be using the HeroEngine (the same one that powers TOR) and not the infamous (and crash happy) GameBryo engine that Bethesda used for so long.

Re:Elder Scrolls online is not coded by Bethesda (3, Informative)

maweki (999634) | about a year ago | (#43701391)

No. The link I posted explains that they licensed the HeroEngine but will not use it.

"We started ZeniMax Online from scratch, with no employees and no technology. We had to build everything ourselves. It takes a long time to write game engines, especially MMO engines, which are inherently more complicated than typical single-player ones. So, we decided to license the HeroEngine to give us a headstart. It was a useful tool for us to use to prototype areas and game design concepts, and it provided us the ability to get art into the game that was visible, so we could work on the game’s art style."

http://www.gameinformer.com/b/features/archive/2012/05/25/why-the-elder-scrolls-online-isn-39-t-using-heroengine.aspx [gameinformer.com]

Or as the title of the article says: "Why The Elder Scrolls Online Isn't Using HeroEngine"

Why does he keep calling it an 0day? (0)

Anonymous Coward | about a year ago | (#43701327)

Why does he keep calling it an 0day if it's about a decade old game?

Re:Why does he keep calling it an 0day? (3, Informative)

Pembers (250842) | about a year ago | (#43701601)

"Zero day" refers to a vulnerability for which no patch exists, presumably because the vendor wasn't aware of it. It's the amount of time between when the vendor becomes aware of the vulnerability and when the black hats can start exploiting it, not the amount of time that it's existed.

See Prof Wikipedia [wikipedia.org] for more details.

Not really a vulnerability (1)

Hentes (2461350) | about a year ago | (#43701741)

If you have access to a machine, you can cause it to crash. What's exactly surprising about this?

Windows doesn't have the %n format specifier (0)

Anonymous Coward | about a year ago | (#43702073)

Windows removed the %n format specifier years ago for security reasons; now if the more dense libc authors would follow suit and make their OSes more secure. I'm talking to you, drepper, and your retarded strfry() but no strlcpy() because it's bloat. Also, glibc, fix your damned fastlists in the free() code path, your formerly exploitable asprintf() in setuid libc code (no longer exploitable due to kernel modifications that prevent setuid() from failing), and well, get off your retarded OSS/FS "many eyes make us more secure" high horses, because those eyes need to be competent and they're quite obviously not.
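What the defensive side of this looks like in code, as an added example that is not from the article, from Bethesda's engine or from any libc: a scanner that tells whether untrusted text contains conversion directives (and specifically the %n write directive the post above mentions), and the hardened sink that always passes such text as an argument to "%s" rather than as the format. The function names and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion directives in s: every '%' that is not part of the
 * literal "%%" escape. Text that reaches a printf-family call as the
 * *format* argument must score 0 here; anything untrusted must go through
 * "%s" instead (see render_untrusted below). */
int count_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* "%%" is a literal percent */
        n++;
    }
    return n;
}

/* Return 1 if s contains a %n directive (allowing flags, width, precision
 * and length modifiers, so %hn, %ln, %08n all count). %n is the directive
 * that turns a format string bug from a memory read into a memory write,
 * which is why MSVC's CRT disabled it. */
int uses_write_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        p++;
        /* skip flags, width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.hlLqjzt", *p)) p++;
        if (*p == 'n') return 1;
        if (!*p) break;               /* lone '%' at end of string */
    }
    return 0;
}

/* Hardened sink: untrusted text is always an argument, never the format.
 * The vulnerable pattern it replaces is printf(untrusted).
 * Writes into the caller-sized buf and returns the number of characters
 * written, or -1 when the text would not fit (truncation is an error, not
 * something to silently accept). */
int render_untrusted(char *buf, size_t buflen, const char *untrusted) {
    int n = snprintf(buf, buflen, "%s", untrusted);
    if (n < 0 || (size_t)n >= buflen) return -1;
    return n;
}

int main(void) {
    /* constructed sample inputs, of the kind a game console might receive */
    const char *samples[] = { "%08x.%08x.%08x.%08x.%08x", "%s%n", "100%% done" };
    char out[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = render_untrusted(out, sizeof out, samples[i]);
        printf("directives=%d write=%d rendered=[%s] len=%d\n",
               count_directives(samples[i]),
               uses_write_directive(samples[i]),
               out, len);
    }
    return 0;
}
```

The scanner is useful for logging and alerting (a console or chat string with a non-zero directive count is worth a detection rule), but the real fix is the sink: once untrusted text only ever travels through "%s", the count no longer matters for safety.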

author is against pirates and trainer makers (-1)

Anonymous Coward | about a year ago | (#43702085)

ever notice all trainers are detected by McAfee and friends, Norton and others?
that's 'cause they don't like it when we do what we want with stuff

hey asshat parent poster, here's a fuck you and your business friends
