Valve's Source SDK contained a buffer overflow vulnerability that allowed remote code execution. The issue was fixed in the latest game updates.
Information on the vulnerability was released last night by security research firm One Up Security. Affected titles included Counter-Strike: Global Offensive, Team Fortress 2, Half-Life 2: Death Match, Portal 2 and Left 4 Dead 2, as well as third party games that are built upon the Source SDK.
The vulnerability was found inside a function that takes care of ragdoll model physics that is used when players die. The vulnerability opened the way for potential exploits to run on the player's PC.
The fixes deployed by Valve only affect Valve's own products. Video game developers who have created a Source SDK modification game still have to manually apply and distribute a hotfix patch themselves.
The original Half-Life game that released in 1998 has also received updates this month to address similar issues.
Every contribution we receive goes directly into funding our journalism to ensure we can continue doing what we do best.