Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability Found In Skyrim, Fallout, Other Bethesda Games

Posted by Soulskill on from the beware-meddling-daedra dept.

An anonymous reader writes "The author of this article goes over a format string vulnerability he found in The Elder Scrolls series starting with Morrowind and going all the way up to Skyrim. It's not something that will likely be exploited, but it's interesting that the vulnerability has lasted through a decade of games. 'Functions like printf() and its variants allow us to view and manipulate the program’s running stack frame by specifying certain format string characters. By passing %08x.%08x.%08x.%08x.%08x, we get 5 parameters from the stack and display them in an 8-digit padded hex format. The format string specifier ‘%s’ displays memory from an address that is supplied on the stack. Then there’s the %n format string specifier – the one that crashes applications because it writes addresses to the stack. Powerful stuff.'"

2 of 179 comments (clear)

  1. Re:Whats the purpose of this by Sable+Drakon · · Score: 5, Informative

    Just how is Steam bloated? Looking at it's two processes right now, it's barely using 11MB of system RAM... The Dropbox client uses more than that and does a whole lot less... Windows Explorer uses even more than Steam. Browsers? Far more RAM usage.. That's far from bloated considering according to Steam's monthly hardware surveys where the average gaming PC is running a minimum of 4GB or ram or more. Seriously, look at the numbers yourself: 21.85% have 4GB, 23.48% have 8GB, and 9.62% have in excess of 12GB... Soooo 10-12MB of RAM is honestly a drop in the bucket for the average PC gamer. You may want to get your facts straight before posting, but then again posting as AC is there for those who love to troll and comment inaccruacies.

    --
    The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
  2. Modded to +5 Informative because by benjymouse · · Score: 5, Informative

    It knocks both DRM and Windows in one sentence. Which is popular on slashdot.

    Facts don't matter, accuracy doesn't matter. Comments can be outright lies (like this one) and still achieve the highest ranking as *informative* just because it plays to a popular myth.

    No, games are *not* run with admin rights. No they do *not* need to run with admin privileges, not even to use DRM. Especially not the online DRM variety that steam uses.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*