Valve's Source SDK contained a buffer overflow vulnerability that allowed remote code execution. The issue was fixed in the latest game updates.
Information on the vulnerability was released last night by security research firm One Up Security. Affected titles included Counter-Strike: Global Offensive, Team Fortress 2, Half-Life 2: Deathmatch, Portal 2 and Left 4 Dead 2, as well as third-party games built on the Source SDK.
According to the publication, Valve acted swiftly when the research firm contacted the game development studio last month. The vulnerability was fixed with the release of several game updates that same month.
The vulnerability was found inside a function that handles the ragdoll model physics used when players die. The vulnerability opened the way for potential exploits to run on the player's PC.
The fixes deployed by Valve only affect Valve's own products. Video game developers who have created a game as a Source SDK modification still have to manually apply and distribute a hotfix patch themselves.
The original Half-Life game, released in 1998, has also received updates this month to address similar issues.