Critical Vulnerabilities found in Call of Duty:MW3, CryEngine 3

ReVuln security consultants Luigi Auriemma and Donato Ferrante presented results of their research at the Power of Community (POC2012) security conference and said that not only hackers but also other online gaming companies can benefit by exploiting these vulnerabilities. The security researchers have revealed that online gaming companies can try and steal a competitor’s players or shut down a competitor’s game completely. Ferrante said “We have a lot of companies that ask for these kinds of denial-of-service attacks to attack competitors. This is really a big concern for companies”, reports Computer World.

Auriemma showcased a video during the conference which contained an exploit targeting a denial-of-service vulnerability in Activision’s COD:MW3. In the video, the server administrator received a warning when the server running the game was remotely crashed. The duo is planning to release advisories next Tuesday and have showed willingness to work with Activision to patch the vulnerability but, have revealed that they will not be doing so by volunteering the information as vulnerability research is part of their business.

Auriemma’s also showcased another exploit that targeted vulnerability in CryEngine 3. The researcher showcased how he was able to gain access to a game-player’s system by creating a remote shell through to the player’s computer. “Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,” said Ferrante.