Remote Code Execution Vulnerability in Activision Infinity Ward Call of Duty Games

Remote Code Execution Vulnerability in Activision Infinity Ward Call of Duty Games

CVE-2018-20817 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.

Learn more about our Web Application Penetration Testing UK.