Full Disclosure mailing list archives
Re: Vulnerability in is Dopewars
From: Charles Morris <cmorris () cs odu edu>
Date: Thu, 17 May 2012 12:42:43 -0400
You should have went to a CERT with this, shouldn't vendor coordination be of urgency here? On Thu, May 17, 2012 at 12:35 PM, Григорий Братислава <musntlive () gmail com> wrote:
Hello Full-Disclosure!! !! !! Is like to warn you about is vulnerability in Dopewars. I'm is discover vulnerability perhaps 10 years ago but is posting now. Is problem exist when carry more than is 50 cocaines and is Officer Hardass (pitifully armed) is kill 2 of is your bitches. Is when this happen player is obviously targeted! Is exploit will happen only when player is in is Brooklyn (not Queens) and is has identity given to Officer Hardass! Proof exist in code: 8056370: 85 c0 test %eax,%eax 8056372: 7f dc jg 8056350 <gtk_clist_select_row@plt+0x7da0> 8056374: eb b9 jmp 805632f <gtk_clist_select_row@plt+0x7d7f> 8056376: 8d 76 00 lea 0x0(%esi),%esi 8056379: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi 8056380: 55 push %ebp 8056381: 89 e5 mov %esp,%ebp 8056383: 53 push %ebx 8056384: 83 ec 14 sub $0x14,%esp 8056387: 8b 5d 0c mov 0xc(%ebp),%ebx 805638a: c7 44 24 04 00 00 00 movl $0x46256595(%eip) // <------ Is hardcoded proof perl -e 'printf "Barrett your is bed is ready @ " . "0x" . "%02x"x4."\n",70,37,101,149' Is MusntLive not contact Dopewars developer this year but next when is I release new advisory! (NO IS HAMSTER IS HURT DURING IS MAKING OF IS POST AND IS NO LUMBERJACKS IS HARMED ISEVER SEKTIEWHOARE IS EXPOSED)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerability in is Dopewars Григорий Братислава (May 17)
- Re: Vulnerability in is Dopewars Charles Morris (May 17)