Old Call of Duty bug leveraged to spread worm malware

TechCrunch reports that worm malware attacks exploiting a five-year-old vulnerability have been targeted at Call of Duty: Modern Warfare 2 players for nearly a month. Such a vulnerability was initially disclosed to Call of Duty publisher Activision in 2018 but no fixes have been issued, said security researcher Maurice Heumann, who discovered and reported the flaw. Heumann also noted that no details about the easily exploitable flaw have been published due to the inaction of Activision. "It's a simple buffer overflow with only very few limitations. Writing a full-fledged exploit is a simple task," said Heumann regarding the bug, which is already being flagged as "CoDworm." No explanation regarding the lack of a patch for the vulnerability has been provided by Activision, which previously issued a cease-and-desist letter to Heumann for developing a customized Call of Duty: Black Ops III version that addressed several serious game flaws.