lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKt6Oami0NEAuYigTGkQuN=fPKiC2a-hLqRGvTkXiZKdVcg46A@mail.gmail.com>
Date: Tue, 10 Sep 2013 09:29:28 +0200
From: RBS Research <research@...kbasedsecurity.com>
To: full-disclosure@...ts.grok.org.uk
Subject: An Analysis of the (In)Security State of the
 GameHouse Game Installation Mechanism

January 2013, we encountered the latest version of RealArcade installer
provided by GameHouse (a division of RealNetworks) on a system during an
audit. Considering its historical vulnerabilities and recent reports about
vulnerabilities in game clients/installers, we decided to take a closer
look at its current security state.

It was uncovered that not only was it still affected by almost two year
old, publicly known vulnerabilities allowing command execution, but also
new issues incl. unsafe permissions and a use-after-free. The full paper
describes the flaws in the GameHouse game installer for Windows, and how it
exposes users’ systems.

While not responsive (except a classic response from support - see timeline
in report), GameHouse did silently address some of these issues in a site
update around May 2013, but other concerns still remain.

Blog:
http://www.riskbasedsecurity.com/2013/09/an-analysis-of-the-insecurity-state-of-the-gamehouse-game-installation-mechanism/

Paper:
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

--

Carsten Eiram
Risk Based Security

Twitter: @RiskBased / @CarstenEiram

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ