To sum up my sources for this claim: Maps/Community servers/Steam invites can be corrupted in a specific way to execute programs on the client. As of now most of these RCEs have been patched by Valve in the CS:GO beta, but I cannot say the same thing for TF2 as we have no letter of confirmation from Valve.
Sources:
[1] - Remote exploitation of the Valve Source game engine
[2] - CVE-2021-30481: Source engine remote code execution via game invites
Here are some more sources listed (by u/QuodJaw)
To sum up my sources for this claim: Maps/Community servers/Steam invites can be corrupted in a specific way to execute programs on the client. As of now most of these RCEs have been patched by Valve in the CS:GO beta, but I cannot say the same thing for TF2 as we have no letter of confirmation from Valve.
Sources:
[url=https://insomnihack.ch/wp-content/uploads/2017/04/AC_remote_exploitation_of_valve_source.pdf][1][/url] - Remote exploitation of the Valve Source game engine
[url=https://secret.club/2021/04/20/source-engine-rce-invite.html][2][/url] - CVE-2021-30481: Source engine remote code execution via game invites
[url=https://old.reddit.com/r/GlobalOffensive/comments/mu3xqs/rces_and_you_the_ones_valve_still_havent_patched/?depth=4]Here are some more sources listed (by u/QuodJaw)[/url]
For someone who uses kali linux, it seems you do a lot of your research on internet explorer....
Welcome to 2018 my dude
For someone who uses kali linux, it seems you do a lot of your research on internet explorer....
Welcome to 2018 my dude
If you said you were confident there were no RCE exploits, then I'd be worried.
"I go with the opposite you say" kinda vibe.
If you said you were confident there were no RCE exploits, then I'd be worried.
"I go with the opposite you say" kinda vibe.
Valve fixed this 6 months ago in tf2: https://i.imgur.com/XbI1hPU.png, would post the link but you actually already posted it lol
It's a very very foolish mindset to assume that there aren't bugs leading to rce in any software, let alone a c++ codebase from 2004, with old versions of 3rd party libraries, that valve has been adding to in the way that they have.
This specific bug in XZip has been found and patched, there are undoubtedly many more similar bugs in other parts of Source/tf2, and you should assume the same for nearly any software.
Valve fixed this 6 months ago in tf2: https://i.imgur.com/XbI1hPU.png, would post the link but you actually already posted it lol
It's a very very foolish mindset to assume that there [i]aren't[/i] bugs leading to rce in [i]any[/i] software, let alone a c++ codebase from 2004, with old versions of 3rd party libraries, that valve has been adding to in the way that they have.
This specific bug in XZip has been found and patched, there are undoubtedly many more similar bugs in other parts of Source/tf2, and you should assume the same for nearly any software.
turbochad69Valve fixed this 6 months ago in tf2: https://i.imgur.com/XbI1hPU.png, would post the link but you actually already posted it lol
It's a very very foolish mindset to assume that there aren't bugs leading to rce in any software, let alone a c++ codebase from 2004, with old versions of 3rd party libraries, that valve has been adding to in the way that they have.
This specific bug in XZip has been found and patched, there are undoubtedly many more similar bugs in other parts of Source/tf2, and you should assume the same for nearly any software.
Seems that Valve only patched the steam invite RCE for TF2. What about CS:GO? What about the other RCEs?
[quote=turbochad69]Valve fixed this 6 months ago in tf2: https://i.imgur.com/XbI1hPU.png, would post the link but you actually already posted it lol
It's a very very foolish mindset to assume that there [i]aren't[/i] bugs leading to rce in [i]any[/i] software, let alone a c++ codebase from 2004, with old versions of 3rd party libraries, that valve has been adding to in the way that they have.
This specific bug in XZip has been found and patched, there are undoubtedly many more similar bugs in other parts of Source/tf2, and you should assume the same for nearly any software.[/quote]
Seems that Valve only patched the steam invite RCE for [i]TF2[/i]. What about CS:GO? What about the other RCEs?
AimIsADickturbochad69Valve fixed this 6 months ago in tf2: https://i.imgur.com/XbI1hPU.png, would post the link but you actually already posted it lol
It's a very very foolish mindset to assume that there aren't bugs leading to rce in any software, let alone a c++ codebase from 2004, with old versions of 3rd party libraries, that valve has been adding to in the way that they have.
This specific bug in XZip has been found and patched, there are undoubtedly many more similar bugs in other parts of Source/tf2, and you should assume the same for nearly any software.
Seems that Valve only patched the steam invite RCE for TF2. What about CS:GO? What about the other RCEs?
good call, they most likely just forgot to patch the RCE in csgo, their most popular game except for maybe dota
[quote=AimIsADick][quote=turbochad69]Valve fixed this 6 months ago in tf2: https://i.imgur.com/XbI1hPU.png, would post the link but you actually already posted it lol
It's a very very foolish mindset to assume that there [i]aren't[/i] bugs leading to rce in [i]any[/i] software, let alone a c++ codebase from 2004, with old versions of 3rd party libraries, that valve has been adding to in the way that they have.
This specific bug in XZip has been found and patched, there are undoubtedly many more similar bugs in other parts of Source/tf2, and you should assume the same for nearly any software.[/quote]
Seems that Valve only patched the steam invite RCE for [i]TF2[/i]. What about CS:GO? What about the other RCEs?[/quote]
good call, they most likely just forgot to patch the RCE in csgo, their most popular game except for maybe dota
fun rule of thumb AimIsADick: if someone like you knows about it, it's patched
also the write up says it's been patched in csgo and tf2, and that steam invites for other games will show a confirmation dialog when passed abnormal launch flags
fun rule of thumb AimIsADick: if someone like you knows about it, it's patched
also the write up says it's been patched in csgo and tf2, and that steam invites for other games will show a confirmation dialog when passed abnormal launch flags
turbochad69fun rule of thumb AimIsADick: if someone like you knows about it, it's patched
…also the write up says it's been patched in csgo and tf2, and that steam invites for other games will show a confirmation dialog when passed abnormal launch flags
Yeah you already told me. What about the map RCEs in CS:GO (and maybe TF2) though?
_flacFor someone who uses kali linux, it seems you do a lot of your research on internet explorer....
Welcome to 2018 my dude
But I use windows 10. I can't even install GNU/Linux because I lost my flash drives some months back.
[quote=turbochad69]fun rule of thumb AimIsADick: if someone like you knows about it, it's patched
…also the write up says it's been patched in csgo and tf2, and that steam invites for other games will show a confirmation dialog when passed abnormal launch flags[/quote]
Yeah you already told me. What about the map RCEs in CS:GO (and maybe TF2) though?
[quote=_flac]For someone who uses kali linux, it seems you do a lot of your research on internet explorer....
Welcome to 2018 my dude[/quote]
But I use windows 10. I can't even install GNU/Linux because I lost my flash drives some months back.
AimIsADickGNU/Linux
What you're referring to as GNU/Linux, is in fact, Linux, or as I've recently taken to calling it, Linux.
[quote=AimIsADick]GNU/Linux[/quote]
What you're referring to as GNU/Linux, is in fact, Linux, or as I've recently taken to calling it, Linux.
aimisdick is a psyop i swear
aimisdick is a psyop i swear
you have literally one solitary HL log, I can't understand why you think this website is the place for you, but please never stop
you have literally one solitary HL log, I can't understand why you think this website is the place for you, but please never stop
b4nny DOES support RCE exploit
b4nny DOES support RCE exploit
We'll see who's laughing when AimIsADick becomes Dr AimIsADick after he gets his PhD in GNU and Hacking, from Reddit University
We'll see who's laughing when AimIsADick becomes Dr AimIsADick after he gets his PhD in GNU and Hacking, from Reddit University
Adnurakyou have literally one solitary HL log, I can't understand why you think this website is the place for you, but please never stop
[quote=Adnurak]you have literally one solitary HL log, I can't understand why you think this website is the place for you, but please never stop[/quote]
Adnurakyou have literally one solitary HL log
What HL log? I don't play HL.
Adnurak, I can't understand why you think this website is the place for you, but please never stop
Idk either. I treat tf.tv users as just another customer base.
[quote=Adnurak]you have literally one solitary HL log[/quote]
What HL log? I don't play HL.
[quote=Adnurak], I can't understand why you think this website is the place for you, but please never stop[/quote]
Idk either. I treat tf.tv users as just another customer base.
[img]https://media4.giphy.com/media/g9d5Iiaou1OX3aA0PU/giphy.gif?cid=790b761186662f6930e1011aa12b0854a26062ad56ec01ec&rid=giphy.gif&ct=g[/img]
Ah yes, the loyal paying Customers of Team Fortress Televised
Ah yes, the loyal paying Customers of Team Fortress Televised
I'm not sure how someone can put all this effort into "research" and posting when literally everyone either hates their posts or laughs at them
I'm not sure how someone can put all this effort into "research" and posting when literally everyone either hates their posts or laughs at them
but his net settings were Phenomenal though despite that dpm
but his net settings were Phenomenal though despite that dpm
_flacC U S T O M E R B A S E
More like an insignificant customer base amirite?
pirateaimisadick is a treasure trove of really bad takes and i want them to be archived somewhere for the rest of time
What do you mean?
[quote=_flac]C U S T O M E R B A S E[/quote]
More like an insignificant customer base amirite?
[quote=pirate]aimisadick is a treasure trove of really bad takes and i want them to be archived somewhere for the rest of time[/quote]
What do you mean?
i honestly cant get a grasp on anything you say in any of your posts
i honestly cant get a grasp on anything you say in any of your posts
If you could get negative nerdstars, at how many of them would AimIsADick be sitting at?
If you could get negative nerdstars, at how many of them would AimIsADick be sitting at?
HerpTimIf you could get negative nerdstars, at how many of them would AimIsADick be sitting at?
How many would I have
[quote=HerpTim]If you could get negative nerdstars, at how many of them would AimIsADick be sitting at?[/quote]
How many would I have
AimIsADick_flacC U S T O M E R B A S E
More like an insignificant customer base amirite?
it took you a month to respond to this. also what fucking customer base u aint selling shit!!!!!!!!
[quote=AimIsADick][quote=_flac]C U S T O M E R B A S E[/quote]
More like an insignificant customer base amirite?[/quote]
it took you a month to respond to this. also what fucking customer base u aint selling shit!!!!!!!!