Video game developer Valve Corporation recently created a patch to fix a buffer overflow vulnerability in its Source SDK library that can allow for remote code execution on client and server devices.
Discovery of the flaw is credited to One Up Security, which detailed the bug on Wednesday in a blog post authored by Justin Taft, a security researcher and software engineer with the software development consulting company.
To address the vulnerability, multiple games running on the Source engine were updated, including Counter-Strike: Global Offensive, Team Fortress 2, Half-Life 2: Deathmatch, Portal 2, and Left 4 Dead 2.
The flaw can be exploited by killing another player in the game, causing a specially crafted ragdoll model to be loaded, Taft explains in the post, warning that remote code execution bugs in games can be leveraged to create a botnet or spread ransomware.
Taft urged third-party mod developers to apply that patch, and said they can also mitigate the vulnerability by enabling ASLR (Address space layout randomization) for all executables.
