Hot on the heels of an exploit uncovered in EA's Origin client, another product in the EA family has been found to have a massive security hole. Users playing EA's Battlefield Play4Free game on an older version of Windows can have their PCs hijacked simply by landing on a booby-trapped website, according to an Ars Technica report. This latest exploit of an EA product was revealed at the same Black Hat security conference in Amsterdam where the Origin exploit was disclosed.
The proof-of-concept exploit was demonstrated last week at the event and showed researchers executing malicious code on default systems running Windows XP or Windows 2003 that had the Play4Free title installed.
There are close to 1 million players of the first-person shooter game, and about 39 percent of Windows users are still on XP.
The webpage used to activate the exploit opens the game on a victim's computer and instructs it to load a "MOD" file, a file type used to customize game settings and features. Of course, this MOD file is full of malicious code. The MOD file is able to upload a batch file that is executed the next time the computer is restarted.
"This is a good example to show people that even [if] games adopt several protections, odd, nonstandard behaviours in the operating system in use will allow attackers to bypass all the security measures adopted by the games," Donato Ferrante, a researcher with Malta-based ReVuln, told Ars Technica. "An example is given by the security check on the website hosting the game, which is checked against a whitelist and can be bypassed by relying on a nonstandard behavior of a Windows API (specifically for Windows OS before Windows Vista)."
Ferrante and Luigi Auriemma are the same researchers who uncovered the Origin security issues.
Ars Technica has a lot more on this story.
Source: Ars Technica