Slashdot Mirror
Vulnerability Found In Skyrim, Fallout, Other Bethesda Games
An anonymous reader writes "The author of this article goes over a format string vulnerability he found in The Elder Scrolls series starting with Morrowind and going all the way up to Skyrim. It's not something that will likely be exploited, but it's interesting that the vulnerability has lasted through a decade of games. 'Functions like printf() and its variants allow us to view and manipulate the program’s running stack frame by specifying certain format string characters. By passing %08x.%08x.%08x.%08x.%08x, we get 5 parameters from the stack and display them in an 8-digit padded hex format. The format string specifier ‘%s’ displays memory from an address that is supplied on the stack. Then there’s the %n format string specifier – the one that crashes applications because it writes addresses to the stack. Powerful stuff.'"
getting hits. no other purpose.
"So far, the only feasible way to exploit the game I’ve come up with is by some sort of hand crafted mod or plugin for the game as that would have access to the scripting console on which the vulnerabilities lie. That said, it would be difficult to exploit in the wild also do in part to the video games having no network capability."
don't mods or plugins already get to pretty much do whatever they want? that is, I wasn't under the impression that they're in some security sandbox.
world was created 5 seconds before this post as it is.
Skyrim doesn't require Admin, and it happens to be the most recent of the games listed here.
In fact, I'm pretty sure this claim is total bullshit.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Just how is Steam bloated? Looking at it's two processes right now, it's barely using 11MB of system RAM... The Dropbox client uses more than that and does a whole lot less... Windows Explorer uses even more than Steam. Browsers? Far more RAM usage.. That's far from bloated considering according to Steam's monthly hardware surveys where the average gaming PC is running a minimum of 4GB or ram or more. Seriously, look at the numbers yourself: 21.85% have 4GB, 23.48% have 8GB, and 9.62% have in excess of 12GB... Soooo 10-12MB of RAM is honestly a drop in the bucket for the average PC gamer. You may want to get your facts straight before posting, but then again posting as AC is there for those who love to troll and comment inaccruacies.
The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
Some of us C# programmers started life as C programmers, became C++ programmers at some point, and have now ended up as C# ones. You go where the money is; that's what being a professional is: doing something for money.
Yeah, I had a sig once; I got bored of it.
It knocks both DRM and Windows in one sentence. Which is popular on slashdot.
Facts don't matter, accuracy doesn't matter. Comments can be outright lies (like this one) and still achieve the highest ranking as *informative* just because it plays to a popular myth.
No, games are *not* run with admin rights. No they do *not* need to run with admin privileges, not even to use DRM. Especially not the online DRM variety that steam uses.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Day 1 = day the vulnerability becomes public knowledge. .....
Day 2 = day after the vulnerability becomes public knowledge.
Day 3 = two days after the vulnerability becomes public knowledge
Day 4=
It is an important distinction, because once the vulnerability is listed on cert.org, admins can take steps to defend themselves (firewalls, removing the program, setting up honey-pots, etc). If it's a zero-day vulnerability, then no one can defend themselves and the world is wide open for you to use it.
"First they came for the slanderers and i said nothing."