Hallo, Wednesday, July 30, 2003, 11:20, Steve Rukuts <[EMAIL PROTECTED]> wrote:
> Of course people can do that. It's an issue with all software you > download, regardless of whether it's a mod for a game or a text editor > or something. Software like that can potentially contain malicious code. That's exactly what I was going to say, you'll always want to be sure from where you download mods etc., just as with any other software you download. Of course this is a security risk, but not a risk that can be dealt with somehow. You'll just have to believe the mod authors, just as you believe Microsoft (uhoh, bad example?). The liblist.gam overflow is also not something serious. Why fiddle around with liblist.gam when you can erase the complete harddisk via a call in the dlls? In addition, all these "security risks" are local risks, i.e. you have to actually download and run something before anything can happen to your computer. However, there are two more advisories that were released. And those two are indeed serious security risks, as they are remotely exploitable: 1: http://www.pivx.com/luigi/adv/hlbof-client-adv.txt 2: http://www.pivx.com/luigi/adv/hlbof-server-adv.txt -- Sebastian Steinlechner <[EMAIL PROTECTED]> // www.resourcecode.de "In the beginning the Universe was created. This had made a lot of people very angry and been widely regarded as a bad move." - Douglas Adams _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders