Critical flaw found in game software
A hole in the "Unreal" game engine could let attackers take over vulnerable computers.
Security company Secunia issued a bulletin warning of the flaw in some versions of the "Unreal" game engine, used by numerous PC games. Most game publishers using the engine have already issued patches, however, to plug the hole.
According to the bulletin, malicious hackers could send a string of junk data to the security tool the Unreal engine uses to verify online game servers. Once the security tool was compromised by such a "buffer overrun," the attacker would be able to execute code at will on the machine.
Games affected by the flaw include five versions of "Unreal," all of which are secured by patches released last week, plus shooting games "Postal 2" and "Deus Ex," also fixed by recent patches.
The flaw was discovered by independent security researcher Luigi Auriemma, whose work has played a major role in publicizing online gaming as a possible vector for security threats. Auriemma discovered several flaws in software used by GameSpy, a popular online game-hosting service, and fought with the company to publicize the holes.
As they develop more online capabilities, games have become an increasingly popular avenue for online miscreants. A recently patched flaw in the shooting game "Half-Life" and its popular online offshoots opened a door for denial-of-service attacks, while the GameSpy service and software have been the subject of several security alerts.