Funcom Security Woes Now Fixed
Prompt patching closes another exploit door
Dan Caselden and Gabriel Landau of Independent Security Evaluators recently checked into the games of Funcom, Anarchy Online and Age of Conan. Unfortunately, they found some pretty large vulnerabilities, some that would even allow a hacker to take over the victim's computer. Before revealing these exploits to the public, Independent Security Evaluators contacted Funcom to inform them of the problem they found. Prompt patching commenced:
8/28/08 - Funcom released patches for both games today. Both vulnerabilities were fixed in Anarchy Online. In Age of Conan, the directory traversal vulnerability has been fixed, but the buffer overflow remains. We do not believe that the buffer overflow alone currently poses a serious risk to players, but we recommend that Funcom fix it promptly so it cannot be used in any future hybrid attacks. In the meantime, we suggest that players exercise caution when downloading custom game scripts from third parties.
For more information about how the exploit works, and how to protect yourself against it, please check here.