Valve: Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client

Introduction Greetings. In GoldSource Engine there is a vulnerability that allows to run an arbitrary DLL on the client, using the flaws in the file downloading system. Description Part of the problem is hidden in the CLBatchResourceRequest function. This is a client function that is responsible...

Valve: Potential buffer overflow in demoplayer module of GoldSource Engine

Introduction Hey. There's a potential vulnerability in the GoldSource Engine that allows to write data to stack of arbitrary size, thereby causing a buffer overflow and the ability to execute assembler code using .dem files. Description The problem is located in the DemoPlayer::ReadDemoMessage...

Valve: Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection

With the vulnerability of the GoldSource Engine, the server is able to perform remote code execution on the client, overwriting the stack when reading the BMP file. The problem is in the LoadBMP8 function, which is executed when the player connects to the server, by loading the...