Jump to content
Sign in to follow this  
Cyruz

Modern Warfare Repatched AGAIN

Recommended Posts

Cyruz

Steam seems to have started a campain to kill Cod4x. They have made their own 1.8 patch and force it  on all steam users. To be able to Use Cod4X  you must use this patch

 

Download -----> Patch 1.7

 

  • Like 1
  • Thanks 1

Share this post


Link to post
Soldat Ryan
Posted (edited)

This is a new file or the same from your previous post ?

 

What is funny, is Activision is patching COD4 Steam games, but do not deliver patch for CD retail version !! 🤡 Shame on them to try to break the game.

 

EDIT : Other thing, because you can't cancel Steam games update and to prevent to come back to 1.6 (even after installing 1.7) you have to copy/paste your full game folder of COD4 outside Steam folder and launch your game with double click on iw3mp.exe or create a shortcut.

Edited by Soldat Ryan
  • Like 2

Share this post


Link to post
Cyruz

well u can patch back to 1.7 and keep it in steam. They will only send out the 1.8 patch if u reinstall the game

Share this post


Link to post
Cyruz

Quote from Fraggy Cod4X dev

 

Details about the vulnerability, its sense etc.

When was the vulnerability first time discovered? Well Treyarch has discovered this RCE vulnerability already within the development cycle of "CoD: BlackOps" (I did not check CoD:WaW) which got relased in year 2010. In BlackOps this vulnerability was purposefully patched by Treyarch but future CoD version developed by InfinityWards kept having that vulnerability. (You can think your own part about it. I am not going to rate it here.)

I for my self know about this issue for about 5 years. However in CoD4 this vulnerability is hardly possible to exploit at all. Because CoD4 allocates a static heap buffer which can be overflowed. Binary analysing told me that overflowing that heap allocated buffer has no critical effect and so it can not be exploited. What can happen by overflowing it? A function pointer of the command "snd_list" can be overwritten. As it is impossible to pass any arguments on this way and it can work only when you run a listenserver (snd_list is a client command), and the attacker needs rcon execute the command, this is very unrealistic to do any damage ever.

On CoDMW2 however this buffer was stack allocated (What I know about only for ca. 3 months)

So for CoD4 this patch is actually useless but it is now done anyway in a rushed action as you can see. Most do not even host servers with iw3mp.exe anyway. However CoD4 has another RCE vulnerability which is also not fixed in the latest patch Activision released. This vulnerability is totally unknown to Activision but from even bigger severity. Because this does affect clients. The full automatic installation and execution of CoD4X18 should actually show you how dangerous such a buffer overflow vulnerability is. Servers could actually also give you ransomware instead CoD4X18.

 

Using CoD4X18 does patch all this to me known vulnerabilities and also covers the one Activision patched right now. It is safer to obtain CoD4X18 from this site than joining any server which gives it maybe to you or maybe gives you something else.

 
  • Like 1

Share this post


Link to post
Sign in to follow this  

Map Hosting by 4T4Chris

For all your Call of Duty

Map Hosting and Download needs!

Click on the link below

Click Here!

Images for your Site

mubutton.rar

×