[Pozzuh]

The whole Call of Duty series is riddled with bugs similar to the one in this article. This makes sense of course since their engines are based on the same principles, they all originate from the Quake engine. One example of an exploit found in the Quake engine in 2006 [1], also related to the “fast download” functionality, has been present in Call of Duty games such as MW2, and Black Ops - so at least 4 years after the exploit was found.

It seems like Activision does not allocate any development time to their older games, even if critical vulnerabilities are found. Black Ops 3 (2015) has a number of remote code execution vulnerabilities in its peer-to-peer networking code, making it completely unsafe to play - even though it is readily available on Steam. Of course, these exploits are fixed by the community in custom, modded, clients. Sadly Activision likes to send cease & desist letters to developers of these clients.

Personally I’ve found an exploit in CoD4 (2007) that will leak the CD-key of a person joining your server. This was reported to Activision in 2009 (ish), but also never (officially) fixed. It uses similar CVar leaking concepts as the one discussed in this article. Probably that would also make for an interesting write-up.

[1] https://web.archive.org/web/20080517095348/http://www.securi...

[cinntaile]

The original Half Life engine (goldSrc) was based on the Quake engine, on Wikipedia it is mentioned that it was heavily modified. Half Life 2 used the Source engine and it doesn't necessarily mean that a lot of Quake engine artifacts are left, no?

[beebeepka]

It doesn't have to be a lot, though. After all, Valve was hacked like an year (sorry but it's been literally 20 yeas) before HL2 was released and yes, some Quake code was identified immediately.

[ikekkdcjkfke]

Just make a MITM node.js app to filter out anything not supposed to be there

Edit: a raspberri pi that filters out bad packets from old games