New Warcraft III security exploit discovered

Post Reply
User avatar
Xenon
Zerg Queen's Nest Slave Trainee
Zerg Queen's Nest Slave Trainee
Posts: 771
Joined: Mon Oct 23, 2006 3:29 pm

New Warcraft III security exploit discovered

Post by Xenon »

Hiveworkshop news post
However another equally bad exploit has been discovered, this time permitting Warcraft III to execute some form of scripting language via the Preload native. This can be used to get the game to download files from the internet and place them in dangerous folders (like windows or startup folders).
It is advisable to not play any map from a source you do not trust. Avoid downloading maps from BattleNet or playing on bots you do not trust. A trojen map can even take the apparent form of one you already have and can download and run the exploit code before the lobby even loads. Remember that both single player and multiplayer maps are susceptible to this.
Fantastic. They haven't even issued a patch to fix this yet (found in late October.)

With crap like this still going on, it looks more and more like Wc3 will be the last Blizzard game to ever allow local hosting of files. The promise of integrating legacy games into "Battle.net 2.0" is also unsettling.
User avatar
Lavarinth
Xel'naga Administrator
Xel'naga Administrator
Posts: 6539
Joined: Wed Aug 16, 2006 5:21 pm
Location: His Ashworld Planet

Re: New Warcraft III security exploit discovered

Post by Lavarinth »

They made this promise? I thought they had no intentions to do so with legacy titles since the demand isn't so high, might be wrong though.
- - Lavarinth
Campaign Creations Administrator
User avatar
Xenon
Zerg Queen's Nest Slave Trainee
Zerg Queen's Nest Slave Trainee
Posts: 771
Joined: Mon Oct 23, 2006 3:29 pm

Re: New Warcraft III security exploit discovered

Post by Xenon »

Saw this on the Warcraft III Forums:
BUT maybe theres a other Reason why they still havent released the new Patch yet, im sure many here watched the Blizzcon 2010, there in an Interview (a few weeks ago) one of Blizzard sayd they working on a "Battle.net 2.0" Integration of WarCraft 3, with RealID and stuff, the one that interviewed him was also surprised, me to, but thats really nice, he sayd WarCraft 3 has already mostly everything ready to be integrated in Battlenet 2.0, thats so nice, then you see in your StarCraft 2 Friendslist, or Wolf of WarCraft Friendslist if friends are playing WC3, i think thats the mainreason for the delay.
Haven't verified this though. I do agree with this comment if it entails what they did to SC2:
The final nail in war3's coffin would be having it use bnet2.0.
User avatar
RazorclawX
Xel'naga World Shaper
Xel'naga World Shaper
Posts: 2078
Joined: Thu Aug 24, 2006 7:19 pm

Re: New Warcraft III security exploit discovered

Post by RazorclawX »

Warcraft III 1.25 patch is up on their PTR server... who knows if it actually fixes anything.
Image
-- Razorclaw X
Creator of Wanderers of Sorceria and Vision of the Future
Post Reply