Follow Slashdot stories on Twitter


Forgot your password?

Submission + - Fragging A Player In Some Steam Games Allowed Installation Of Malware (

An anonymous reader writes: A buffer overflow vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others. The vulnerability could be triggered when fragging another player. Malicious code could be added to rag models — dead body animations — packed inside custom mods and map files.

Multiple Source games were updated during the month of June 2017 to fix the vulnerability, such as CS:GO, TF2, Hl2:DM, Portal 2, and L4D2. Steam has also informed third-party mod creators, who now have to update the Steam Source SDK version they use in their mods. Developers who have created a Source engine game modification should apply the following patch. The security researcher who found the flaw has refrained from releasing a proof-of-concept demo for the Source SDK vulnerability for the next 30 days in order to give mod creators more time to patch their maps and mods. The proof of concept will be published here.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Fragging A Player In Some Steam Games Allowed Installation Of Malware

Comments Filter:

Air is water with holes in it.