  #1 (permalink)  
Old 30th July, 2003, 09:10 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

GameSpy Arcade Hole

According to ThreeZee Technology, there is a hole in GameSpy Arcade that could be used by an attacker to overwrite and add files on your hard disk.

When GameSpy installs itself, it adds some MIME type to the web browsers. This causes the web browsers to consider the ".APK" files safe, and they will not prompt for any action before downloading the ".APK" files.

Then the bug appears to be because the update agent will accept ".APK" files, then unzip them, as they are actually ZIP archives. If the ZIP file has paths in it, then the update agent will extract to these paths, allowing an attacker to overwrite any files on your computer.

GameSpy does not need to be running - in fact it does not need to have even been used at any point. Just having the software installed is enough to open this vulnerability.

GameSpy are working on a patch to the vulnerability which should appear within the next few days. People are strongly recommended to upgrade!
__________________
Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
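
The extraction flaw described in the post above is a path traversal through ZIP member names. The following Python check is an added example, not part of the original thread and not GameSpy's code: it validates every member name before anything is unzipped and rejects the whole archive if any name is absolute, drive-qualified or contains "..". The function names and the sample member names are assumptions constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PureWindowsPath


class UnsafeArchiveError(Exception):
    """An archive member would be written outside the target directory."""


def escaping_members(zf):
    """Names that are absolute, drive/UNC-qualified, or contain '..'."""
    bad = []
    for name in zf.namelist():
        # PureWindowsPath treats both '/' and '\' as separators, which
        # matches how a Windows update agent would interpret the name.
        p = PureWindowsPath(name)
        if p.drive or p.root or ".." in p.parts:
            bad.append(name)
    return bad


def safe_extract(zip_bytes, dest):
    """Validate every member first; extract only if all stay under dest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = escaping_members(zf)
        if bad:
            raise UnsafeArchiveError(f"rejected members: {bad}")
        zf.extractall(dest)
        return zf.namelist()


def build_sample(names):
    """Constructed test input: an in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample(["maps/level1.dat"])
    bad = build_sample(["maps/level1.dat", "..\\..\\outside.txt"])
    with tempfile.TemporaryDirectory() as d:
        print(safe_extract(good, Path(d)))
        try:
            safe_extract(bad, Path(d))
        except UnsafeArchiveError as exc:
            print("blocked:", exc)
```

Rejecting the archive before the first write matters here: a check made per file during extraction would still leave earlier members on disk when a later one fails.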
  #2 (permalink)  
Old 31st July, 2003, 05:04 PM
Asst. BBS Administrator
 
Join Date: September 2001
Location: Location, Location
Posts: 21,956

Thank you for bringing this to our attention Aedan!
__________________
When the world will be better.
  #3 (permalink)  
Old 31st July, 2003, 06:27 PM
Member
 
Join Date: April 2003
Location: Torbay, UK. The English Riviera!
Posts: 432

Gamespy is pants, I would never consider using it whilst ASE is available for nowt!
__________________

DFI LanpartyUT nF4 Ultra-D [BIOS N4LD406]
AMD Athlon 64 X2 4200+ Zalman CNPS8700 LED Cooler
OCZ (2 x 1GB) PC3200 Platinum Series EL-DDR [2-3-2-5]
XFX GeForce 7800GT Extreme LED Edition [480/1200]
Seagate Barracuda 250GB SATA II 16MB Cache
Seagate Barracuda 320GB SATA II 16MB Cache
Samsung CDDVDW SH-S203B
Antec Sonata - TruePower 2.0 550W
Samsung SyncMaster 172x


  #4 (permalink)  
Old 23rd August, 2003, 04:46 PM
Member
 
Join Date: November 2002
Posts: 1,018

Quote:
Originally Posted by jimbobaggies
Gamespy is pants, I would never consider using it whilst ASE is available for nowt!

I don't trust any file sharing/online game sharing tools.
Gamespy was one of the very first I know of to do this kind of thing (on a HUGE basis), and I haven't installed that on my machine for this reason.
I hate wanting to DL demos and stuff like that, only to have the site say I need to dl and install some kind of BS client to do so...... bah I just say forget it and look elsewhere..... sometimes it's very difficult to find the same file without it, but hey I guess I really didn't want that demo now did I......
__________________
All MODS are done AT YOUR OWN RISK.........plan accordingly..

Fat, Drunk and Stupid is no way to go through life.........

I have a pool and a pond........ pond would be good for you though.
  #5 (permalink)  
Old 23rd August, 2003, 11:28 PM
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

http://www.aoaforums.com/ ":O}
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

All times are GMT +1.