SecurityvulnsSECURITYVULNS:DOC:20097Endless loop in Halo 1.07
#######################################################################
Luigi Auriemma
Application: Halo: Combat Evolved
http://www.microsoft.com/games/pc/halo.aspx
Versions: <= 1.07
Platforms: Windows
Bug: endless loop
Exploitation: remote, versus server
Date: 29 Jun 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
Halo is the great FPS game developed by Bungie Studios and ported on PC
by Gearbox Software (http://www.gearboxsoftware.com).
Although it has been released at the end of 2003, it's still one of the
most played games with hundreds of internet servers.
#######################################################################
======
2) Bug
This vulnerability is exactly like the old one I found over 3 years ago
in version 1.06 (haloloop) and which was fixed (or it's the case of
saying partially fixed) in version 1.07: an endless loop caused by a
malformed in-game packet which freezes completely the server.
#######################################################################
===========
3) The Code
http://aluigi.org/poc/haloloop2.zip
#######################################################################
======
4) Fix
No fix.
#######################################################################
Luigi Auriemma
http://aluigi.org