
When running World of Tanks game replays, arbitrary code can be executed on your computer

Translated from reddit.com.

A couple of months ago I was researching WoT replays and their format. I found that the way they store data packets makes it easy to get arbitrary code to execute. After a couple of days of improving the launch of the code in the replay to a reliable state, I was able to embed arbitrary code into an arbitrary replay. This code is executed immediately after opening, and there is no way to stop it once the WoT client has started playing the replay.

As far as I know, any replay newer than May 2014 is subject to this vulnerability. Most likely, earlier replays are also vulnerable and not trustworthy. As proof of concept I attach a replay that opens the calculator window: dl.dropboxusercontent.com/u/19977649/Replay-exploit.wotreplay
Thus, you should not run any replays before the official fix from WG.

Addition

Before all this turns into complaints directed at WG support, I want to mention that before this post I did not inform them about the vulnerability. In fact, it was WG employee Trezvor_WGA who really helped me in communicating the problem to the right people; they confirmed it and are already making a fix.

Why did I not use the bugtracker? In short, I just do not want to. This is not the first vulnerability I have found, and the standard procedure for catching bugs practically does not work. Many of the companies to which I reported vulnerabilities in this way did not do anything until the vulnerability was publicly disclosed.

I do not want to say that WG is one of these companies. First of all, I told them, but I want to warn the public before sending the ticket, so that they can be careful. Not the best way to earn the respect of the company, but the most reliable way to quickly see the fix.

From the translator: because it was posted on a VERY visited resource on the subject of this project, it is probably already in use. So take care of yourself!

Source: https://habr.com/ru/post/245461/