General Graboids: Worms and Remote Code Execution in Command and Conquer
8 days ago
- #RCE
- #vulnerability
- #worm
- Vulnerabilities discovered in Command & Conquer: Generals (C&C:G) include a filename stack overflow, arbitrary file drop, and an out-of-bounds write.
- The game's network architecture exposes UDP ports 8086 (lobby) and 8088 (game state), with a peer-to-peer model requiring all clients to be accessible.
- The packet format uses XOR encryption with a hard-coded key, CRC32 checks, and a magic header; since the key ships in every client and CRC32 only detects accidental corruption, these checks do not stop a peer from crafting packets that pass them.
- A worm was developed to exploit these vulnerabilities, capable of spreading to other players in the game and executing arbitrary commands.
- The worm uses Import Address Table (IAT) hooks to intercept network packets and inject malicious payloads.
- Community patches have been developed to address these issues, as EA Games considers the game end-of-life and does not provide official fixes.
- Timeline includes initial discovery in August 2025, coordination with EA Games, and subsequent community patch development by December 2025.
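The following is an added illustration of why the packet scheme in the summary (magic header, CRC32, XOR with a hard-coded key) gives no real integrity, and what a keyed check would look like instead. It is not code from the article or the game; the header, key and layout are constructed placeholders, and the HMAC variant assumes a per-session secret that the real protocol does not have.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed placeholder values, NOT the game's real header or key.
MAGIC = b"CNCG"
XOR_KEY = bytes([0x5A, 0xC3, 0x3E, 0x91])


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_packet(payload: bytes) -> bytes:
    """Magic | CRC32(body) | XOR(payload): the kind of scheme the summary describes."""
    body = xor_bytes(payload, XOR_KEY)
    return MAGIC + struct.pack("<I", zlib.crc32(body)) + body


def parse_packet(pkt: bytes):
    """Return the payload if magic and CRC32 match, else None.
    Anyone holding the client binary holds XOR_KEY, so every peer can
    produce packets this function accepts: CRC32 is a checksum, not a MAC."""
    if len(pkt) < 8 or pkt[:4] != MAGIC:
        return None
    (crc,) = struct.unpack("<I", pkt[4:8])
    body = pkt[8:]
    if zlib.crc32(body) != crc:
        return None
    return xor_bytes(body, XOR_KEY)


def build_authenticated(payload: bytes, session_key: bytes) -> bytes:
    """Same layout, but the CRC field is replaced by a 16-byte HMAC-SHA256 tag
    keyed with a per-session secret (hypothetical; not part of the real protocol)."""
    body = xor_bytes(payload, XOR_KEY)
    tag = hmac.new(session_key, MAGIC + body, hashlib.sha256).digest()[:16]
    return MAGIC + tag + body


def parse_authenticated(pkt: bytes, session_key: bytes):
    """Return the payload only if the tag verifies under session_key."""
    if len(pkt) < 20 or pkt[:4] != MAGIC:
        return None
    tag, body = pkt[4:20], pkt[20:]
    expected = hmac.new(session_key, MAGIC + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(body, XOR_KEY)
```

The first parser accepts any packet built with the public key and a matching CRC; the second rejects anything not produced with the session secret, which is the property a receiver of game-state packets actually needs.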