Italian security researchers Luigi Auriemma and Donato Ferrante of ReVuln reported a flaw in the Steam Browser Protocol. Steam is the popular online distribution platform with 54 million users.
The flaw allows an attacker to write arbitrary text to a file, direct victims to external payloads and even take over the computer. The popular gaming platform uses the steam:// URL protocol to run, install and uninstall games, back up files, connect to servers and reach various sections dedicated to customers.
Safari, Maxthon, Firefox and other browsers based on the Mozilla engine can be made to invoke Steam URLs silently.
In their report they said that browsers including Firefox and software clients including RealPlayer would execute the external URL handler without warnings and were "a perfect vector to perform silent Steam browser protocol calls".
The researchers demonstrated how users on the massive Source game engine, which hosts games like Half-Life and Counter-Strike, could be attacked. They used four commands to write custom code to a file, including a bat file that executes commands when users start up Steam. They were also able to execute remote malicious code via the Unreal engine, which was affected by many integer overflow vulnerabilities.
What to do? Don't click on just any link!
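Because the report describes calls that fire without any click, a page audit has to separate steam:// references that load on their own from ones behind a link. The Python scanner below is an added example, not code from ReVuln's report or from this post; the AUTO_LOAD set, the severity labels and the constructed sample page with its placeholder paths are assumptions made for illustration.

```python
from html.parser import HTMLParser

SCHEME = "steam://"
# Assumption: (tag, attribute) pairs a browser fetches on page load, no click.
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("img", "src"),
             ("embed", "src"), ("object", "data"), ("script", "src")}

class SteamUrlFinder(HTMLParser):
    """Record steam:// references and whether they need a user click."""
    def __init__(self):
        super().__init__()
        self.findings = []      # (severity, tag, attribute, value)
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        attrs = [(k, (v or "").strip()) for k, v in attrs]
        refresh = dict(attrs).get("http-equiv", "").lower() == "refresh"
        for name, value in attrs:
            low = value.lower()     # URL schemes are case-insensitive
            if SCHEME not in low:
                continue
            if (tag == "meta" and name == "content" and refresh) \
                    or name in ("onload", "onerror"):
                sev = "silent"      # fires while the page loads
            elif low.startswith(SCHEME):
                sev = "silent" if (tag, name) in AUTO_LOAD else "on-click"
            else:
                sev = "review"      # e.g. other inline handlers: check by hand
            self.findings.append((sev, tag, name, value))

    def handle_endtag(self, tag):
        self.in_script = False      # script bodies contain no nested tags

    def handle_data(self, data):
        if self.in_script and SCHEME in data.lower():
            self.findings.append(("review", "script", "#text", data.strip()))

def scan(html):
    finder = SteamUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; the "placeholder" paths are not real Steam commands.
SAMPLE = """<meta http-equiv="refresh" content="0; url=steam://placeholder/a">
<body onload="location.href='steam://placeholder/b'">
<iframe src="STEAM://placeholder/c" width="0" height="0"></iframe>
<a href="steam://placeholder/d">Join our server</a>
<script>window.location = "steam://placeholder/e";</script>"""
```

Only the `<a href>` entry depends on the user clicking; the parser also decodes character references in attribute values, so an entity-encoded scheme is still matched.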
It all starts on 21 August 2012; CS:GO is in the starting blocks...
Pre-orderers get a 10% discount on Steam; the promotion runs until
One or two servers will be reconfigured accordingly, so that
we are represented in both games for the time being...
We wish you lots of fun and hope to meet you soon on our servers...