Vulners
Lucene search
Dota 2 7.23f - Denial of Service (PoC)
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Dota 2 7.23f - Denial of Service Exploit | 10 Feb 202000:00 | – | zdt |
 | CVE-2020-7949 | 27 Jan 202021:37 | – | circl |
 | Valve Dota 2 schemasystem.dll Denial of Service Vulnerability | 11 Feb 202000:00 | – | cnvd |
 | CVE-2020-7949 | 27 Jan 202016:40 | – | cve |
 | CVE-2020-7949 | 27 Jan 202016:40 | – | cvelist |
 | EUVD-2020-28871 | 7 Oct 202500:30 | – | euvd |
 | Dota 2 7.23f - Denial of Service (PoC) | 10 Feb 202000:00 | – | exploitpack |
 | CVE-2020-7949 | 27 Jan 202017:15 | – | nvd |
 | CVE-2020-7949 | 27 Jan 202017:15 | – | osv |
 | Dota 2 7.23f Denial Of Service | 9 Feb 202000:00 | – | packetstorm |
10
# Exploit Title: Dota 2 7.23f - Denial of Service (PoC)
# Google Dork: N/A
# Date: 2020-02-05
# Exploit Author: Bogdan Kurinnoy ([email protected]) (bi7s)
# Vendor Homepage: https://www.valvesoftware.com/en/
# Software Link: N/A
# Version: 7.23f
# Tested on: Windows 10 (x64)
# CVE : CVE-2020-7949
Valve Dota 2 (schemasystem.dll) before 7.23f allows remote attackers to
achieve code execution or denial of service by creating a gaming server and
inviting a victim to this server, because a crafted map is mishandled
during a GetValue call.
Attacker need invite a victim to play on attacker game server using
specially crafted map or create custom game, then when initialize the game
of the victim, the specially crafted map will be automatically downloaded
and processed by the victim, which will lead to the possibility to exploit
vulnerability. Also attacker can create custom map and upload it to Steam
<https://steamcommunity.com/sharedfiles/filedetails/?id=328258382>.
Steps for reproduce:
1. Copy attached file zuff.vpk (
https://github.com/bi7s/CVE/blob/master/CVE-2020-7949/zuff.zip) to map
directory (C:\Program Files (x86)\Steam\steamapps\common\dota 2
beta\game\dota\maps)
2. Launch Dota2
3. Launch "zuff" map from Dota2 game console. Command for game console =
map zuff
4. Dota2 is crash (Access Violation)
Debug information:
(2098.1634): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\Program Files (x86)\Steam\steamapps\common\dota 2
beta\game\bin\win64\schemasystem.dll -
(2098.1634): Access violation - code c0000005 (!!! second chance !!!)
rax=00000000ffffffff rbx=0000027ba23dd9b6 rcx=0000027ba23dd9b6
rdx=0000000042424242 rsi=0000027b5ffb9774 rdi=0000000000000000
rip=00007ffa73af90ce rsp=000000e82bcfe900 rbp=0000000000000000
r8=00000000412ee51c r9=000000e82bcfea88 r10=0000027b5ffb9774
r11=00000000412ee51c r12=0000027b5ffbe582 r13=000000e82bcfe9f0
r14=0000027b5ffb5328 r15=0000000000000010
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200
schemasystem!BinaryProperties_GetValue+0x10ae:
00007ffa`73af90ce 40383b cmp byte ptr [rbx],dil
ds:0000027b`a23dd9b6=??Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Feb 2020 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 26.8
CVSS 3.17.8
EPSS0.09972