Denial of Service reported in CoD 4

May 6, 2008 13:13 GMT

Players of Call of Duty 4: Modern Warfare are advised to restrict access to game servers to trusted users only, because a new vulnerability has been disclosed that may cause a Denial of Service. Security company Secunia rated the flaw as moderately critical and said that the vulnerability had been confirmed in version 1.5, but other releases may be affected as well. "The vulnerability is caused due to an input validation error when processing type 7 'stats' commands and can be exploited to cause the server to crash via a specially crafted 'stats' packet," Secunia explained.

Luigi Auriemma, who discovered the vulnerability, explained that "if a client uses it, the remote server will crash due to a memcpy() with a negative size value (the attacker has no control over the source data and this value)."
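The bug class Auriemma describes, a signed length reaching memcpy(), is shown here next to a checked copy. This is an added example, not code from the game, the advisory or the original article; the function names, buffer size and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATS_BUF_SIZE 64 /* hypothetical destination size, not from the game */

/* Flawed pattern: a signed length goes straight into memcpy(). The int is
 * converted to size_t, so a negative value becomes a huge unsigned count and
 * the copy runs off mapped memory. Never called in this example. */
void copy_unchecked(uint8_t *dst, const uint8_t *src, int len)
{
    memcpy(dst, src, len);
}

/* The byte count memcpy() really receives for a given signed length. */
size_t size_seen_by_memcpy(int len)
{
    return (size_t)len;
}

/* Hardened pattern: validate the signed length against both the source and
 * the destination before converting it. Returns bytes copied, or -1 when the
 * packet must be dropped. */
int copy_checked(uint8_t *dst, size_t dst_size,
                 const uint8_t *src, size_t src_avail, int len)
{
    if (len < 0)
        return -1;                       /* negative size: reject */
    if ((size_t)len > dst_size || (size_t)len > src_avail)
        return -1;                       /* would overrun a buffer */
    memcpy(dst, src, (size_t)len);
    return len;
}

int main(void)
{
    uint8_t dst[STATS_BUF_SIZE];
    const uint8_t src[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed sample */

    printf("memcpy size for len=-1: %zu\n", size_seen_by_memcpy(-1));
    printf("len=-1 -> %d\n", copy_checked(dst, sizeof dst, src, sizeof src, -1));
    printf("len=8  -> %d\n", copy_checked(dst, sizeof dst, src, sizeof src, 8));
    printf("len=9  -> %d\n", copy_checked(dst, sizeof dst, src, sizeof src, 9));
    return 0;
}
```

Because the converted size is far larger than any mapped region, the unchecked copy faults rather than writing attacker-chosen data, which matches the crash-only impact reported here.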

There's no fix available for the moment and, according to security company Secunia, the only way to avoid a potential exploit is to restrict access to the service and allow connections only from trusted people.

Call of Duty 4: Modern Warfare was released on November 9, 2007 in Europe and on November 6, 2007 in North America, and was one of the most anticipated titles of the year. Developed by Infinity Ward and published by Activision, Call of Duty 4: Modern Warfare is available on multiple platforms, including Xbox 360, PlayStation 3 and PC. Moreover, the developer plans to bring out a new version of the game, scheduled for May 2008, which is supposed to work on Mac OS X systems.

Luigi Auriemma says there are more than 15,000 Call of Duty 4 servers out there, which underlines the need for a security patch that would protect vulnerable users. So, keep an eye on the news to find out when a fix addressing this flaw is officially rolled out.