Valve’s Source Engine has been patched to close an exploit which allowed hackers to remotely hijack players PCs.
The Source Engine is the platform behind Team Fortress 2, Portal 2, Counter-Strike: Global Offensive and other Valve games.
By loading a custom map with custom assets, malicious parties could use these to trigger a buffer overflow vulnerability which rendered the target’s PC open to remote code execution.
This allowed hackers the ability to use this exploit to take control of a target PC.
The vulnerability was identified by One Up Security who offered the following statement: “Valve’s Source SDK contained a buffer overflow vulnerability which allowed remote code execution on clients and servers. The vulnerability was exploited by fragging a player, which casued [sic] a specially crafted ragdoll model to be loaded. Multiple Source games were updated during the month of June 2017 to fix the vulnerability. Titles included CS:GO, TF2, Hl2:DM, Portal 2, and L4D2. We thank Valve for being very responsive and taking care of vulnerabilites [sic] swiftly. Valve patched and released updates for their more popular titles within a day.”
Source: PC Gamer