Tuesday, December 9, 2014

On the Replay Vulnerability

As you may have already read, someone found a way to make World of Tanks run arbitrary code when reading from a replay. I glanced through the proof of concept replay that was posted, and I believe I have a basic understanding of how it works. To this end, Clan Tools itself (or rather its replay parser) is not vulnerable on several levels.

This doesn't lessen the threat of Clan Tools being used as a delivery method for malicious replays. I do not, however, have a solution to this problem. I don't think this is something the average anti-virus is going to catch, due to the replay format and the way in which the exploit is delivered; perhaps at execution time.

As such, at this time, all I can say is that replays are very powerful and dangerous things, both within the context of what they can do on Clan Tools (granting codes), and now on your own computer should you run one. If you do not trust a person, do not allow them to upload replays for your clan.

As an aside, if someone does upload a malicious replay, please let me know so I can remove the replay (and permanently ban them).

