Source Engine PC Hijack Exploit Fixed


Valve’s Source Engine has been patched to close an exploit which allowed hackers to remotely hijack players PCs.

The Source Engine is the platform behind Team Fortress 2, Portal 2, Counter-Strike: Global Offensive and other Valve games.

By loading a custom map with custom assets, malicious parties could use these to trigger a buffer overflow vulnerability which rendered the target’s PC open to remote code execution.

This allowed hackers the ability to use this exploit to take control of a target PC.

The vulnerability was identified by One Up Security who offered the following statement: “Valve’s Source SDK contained a buffer overflow vulnerability which allowed remote code execution on clients and servers. The vulnerability was exploited by fragging a player, which casued [sic] a specially crafted ragdoll model to be loaded. Multiple Source games were updated during the month of June 2017 to fix the vulnerability. Titles included CS:GO, TF2, Hl2:DM, Portal 2, and L4D2. We thank Valve for being very responsive and taking care of vulnerabilites [sic] swiftly. Valve patched and released updates for their more popular titles within a day.”

Source: PC Gamer