by unsignedqword 3564 days ago
Honestly, it's not really surprising. Emulators, and, more broadly, video games in general, tend to give little to no thought to security.

To be fair, exploiting games and emulators directly isn't a particularly common attack vector. I've never heard of any wild malware that attempted to exec itself via a (legit) emulator, although IIRC arbitrary code exec on clients has popped up a few times in the wild on older multiplayer games (mostly CoD and various Source multiplayer games). Most of the "malware" stuff related to emulators I've heard of is cheap tricks (e.g. tainted emulator binaries on shady websites, EXE files deceptively labeled as ROMs) and not any fancy exploits.


Actually, video games are the main exploit vector for game consoles. From memory there was the name buffer overflow in Zelda for Wii, and a font corruption issue in King Kong for the Xbox 360, both of which were used to allow running homebrew software.
Attacking video games for code execution was the main entry point as the devices transitioned into semi-connected devices (the original Xbox, PlayStation 2, GameCube and then later the Wii); that has now mainly shifted to "attack crusty old versions of WebKit!" for the current batch of consoles.

Attacking emulators through games for code execution, however, is fairly novel.

I was referring to exploits in the context of malware, but that's a good point anyway.
I wonder why emulators aren't a common attack vector. They're fairly popular, and downloading ROMs from mysterious shady sites is par for the course with them. If you could subvert a popular ROM site, or even just SEO your way to the top of the Google listings, you could get a lot of people.
Probably because they'd just infect the emulator with some payload rather than figure out an exploit vector that depended on the payload being opened in the emulator later.