![]() ![]() "It is the trust system that is undermined since you should be able to trust data file mods to be harmless, and only be sceptical about executables in general." PixelRick said. ![]() On top of that, "the crafted save file can be silent, after closing the popup I open, the real savefile data is loaded by the game without errors," PixelRick added. In essence the vulnerability makes a non-executable file executable, which could carry out "any locally executed virus". This buffer overflow can be used to redirect the running thread to an old DLL, at a fixed known address that doesn't have modern protection. PixelRick provided an in-depth explanation, but here's an attempt at a simplified overview: when Cyberpunk 2077 reads a savefile it can create a buffer overflow. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix." Eurogamer Next-Gen News Cast - Should Sony issue refunds for Control on PS5?Īccording to modding community member PixelRick, who is credited with discovering the issue, the save file vulnerability is "not hard to find as it is a matter of luck, but it tricky to exploit," describing it as a "vulnerability of the game and not a vulnerability of human nature". In the meantime, we advise everyone to refrain from using files obtained from unknown sources. We appreciate their input and are working on fixing this as soon as possible. This issue can be potentially used as part of a remote code execution on PCs. "A group of community members reached out to us to bring up an issue with the external DLL files the game uses. In a statement to Eurogamer, CDPR explained a little about the nature of the vulnerability: Following the discovery of a save file exploit, CD Projekt Red has told players to "use caution" when downloading files of unknown origin for use in Cyberpunk 2077. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |