We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious Python CS:GO server. This post details our journey through the CS:GO binary and conducts a technical deep dive into the various identified bugs. We conclude by presenting a proof-of-concept (PoC) exploit that chains four different logic bugs into remote code execution in the game's client, triggered when the client connects to the server.
Wow, that was a fantastic read; I love how much detail they went into about how they went about hunting for these.
There were a lot of good sources to get the debug symbols for an old game like CSGO, but they were very impressive, comprehensive and meticulous. It's great to see that in combination with their process transparency.