News Cyberpunk Vulnerability Gives Modders Full Access to Your PC

[Admin]

A vulnerability in how Cyberpunk 2077 accesses external DLL files runs the risk of giving malicious modders full remote access to your PC.

Cyberpunk Vulnerability Gives Modders Full Access to Your PC : Read more

 

[Phaaze88]

/LE SIGH

 

[hotaru.hino]

It doesn't look like a goof on CDPR's part, just whoever made the DLL.

 

[mac_angel]

It doesn't look like a goof on CDPR's part, just whoever made the DLL.

It's probably part of M$ .DLL, but I don't know, and the article doesn't give details. To me it sounds more along the lines of "be careful of what you download". For the most part, a system is only as secure as it's user. Going to sketchy web sites, downloading sketchy files or programs you find randomly, using crappy or no passwords, etc. I very rarely use mods that are not found on nexusmods.com and even ponied up for a lifetime subscription since I use it regularly, they have a LOT of games they cover now, and I believe they do really great work. Especially with their program Vortex that most times install the mods for you, automatically update, and find conflicts with other mods. Other than that one, I check out WideScreenGamingForum since I'm an old man and still get a kick out of using 3 displays (and SLI, lol).
I haven't bought CyberPunk 2077 yet. I very rarely buy games when they are first released because every game will always have bugs that need to be worked out. I don't think it's so much the fault of the developers (though they do have some responsibility), but just the endless amount of combinations in different systems. It would be virtually impossible for them to test on every combination of CPU, GPU, OS, Drivers, resolution, etc. and play through the game in each of these systems to see about finding bugs. Especially something that 'may' happen after 50 hours into the game, when you look at a specific thing, or try to do a certain thing in a specific way, in a certain order, etc, etc.

 

[SethNW]

It doesn't look like a goof on CDPR's part, just whoever made the DLL.

Reading original Reddit post and based on Nexus site temporary ban on save files, which give it further validity, this exploit originated from CP save bug, which allows delivery of malicious payload through buffer overflow. That can be used to manipulate 3rd party DLLs CP uses. Without that save buffer overflow exploit this vulnerability would be useless. So CDPR is not really off the hook here. Unless it gets proven otherwise.