Thread has been deleted
Last comment
Valve fixes critical remote code execution exploit
South Africa LustedSilli - HLTV.org 
According to Secret Club, Valve has finally fixed the critical remote code execution exploit for Source engine games, including CS:GO. Source: twitter.com/the_secret_club/status/13834.. This exploit has reportedly been around for two years, which could allow some people to gain control of another's PC via a Steam invite, in the most basic of terms. Florian first found this exploit and reported it to Valve roughly two years ago, in case you haven't been following these developments. Thoughts?
2021-04-21 09:06
Topics are hidden when running Sport mode.
EZ4VOLVO
2021-04-21 09:06
1 reply
NOTSOEZ4VOLVO
2021-04-21 09:07
took a while
2021-04-21 09:06
How did this work essentially? Was this a sort of XSS attack and did I have to interact with the invite in order to be affected?
2021-04-21 09:07
3 replies
As far as I can tell you needed to interact with the invite yeh. There's a while detailed technical explanation which was released after Valve fixed it secret.club/2021/04/20/source-engine-rce..
2021-04-21 09:13
2 replies
Gave it a quick skim, basically Steam invites need to be able to launch the game when you do not already have it started. You can pass parameters along which can modify someones game or even establish a connection into the host machine. Very interesting.
2021-04-21 09:18
1 reply
Ahhh I see, yeh quite interesting. I'm going to give it a good detailed read a bit later today
2021-04-21 09:43
#5
 | 
Europe Ezmoneymens
>Valve fixes critical.. <2years >remember it's valve >woah_thatwasfast.jpg
2021-04-21 09:09
1 reply
these 2 interns had hard work to do
2021-04-21 09:16
oh ok cool
2021-04-21 09:14
#9
ropz | 
Netherlands ONGix
Riot developers been real quite since this dropped... Only 2 years to fix huge exploit? #Riot_Devs_Need_New_Jobs
2021-04-21 09:17
1 reply
+1 KEKW
2021-04-21 09:21
I remember there was also a classic buffer overflow on CS 1.6's source code disclosed on Hackerone last year or so. At least they're being patched before causing any notable harm
2021-04-21 09:21
I guess the old rule of not trusting unexpected links still works.
2021-04-21 09:50
Login or register to add your comment to the discussion.