StarDestroyer.Net BBS

May 5, 2006 - Today, on milw0rm.com, a hacker nicknamed Landser has released a hack that exploits a serious leak in games based on the Quake 3 Engine. It grants hackers full access to take over your computer.

Technically, the leak creates a unsuspicious "boundary error" when sending malformed messages from the gameserver to a client during the remapShader process. Once a buffer overflow occurs, the computer is fully exposed to any type of activities.

Gamers are only at risk if they connect to a gameserver operated by someone with foul intentions.

Games that are currently at risk are RtCW, Quake III Arena and Enemy Territory.

So far, no official reaction has been made by id software to close this leak. It is unsure how long this leak was known to hackers and the game developer.
Posted by Cash

BloodAngel wrote:Return to Castle Wolfenstein.

I never liked Quake 3, but damn, just playing it can cause someone to break into your computer? Quake 3 having this kind of power in the first place (besides hardware access) is a mystery in itself.

Durandal wrote:I'm guessing that the privilege escalation only affects Windows users. On Linux and OS X, Quake 3 doesn't run with root privileges.