Cyberpunk 2077 gets patch to fix PC save file exploit • Eurogamer.net

After a security vulnerability involving crafted save files was spotted by modders, CD Projekt Red has now rolled out a PC hotfix for Cyberpunk 2077 – meaning that particular exploit should be solved.

Hotfix 1.12 promises a fix to a vulnerability that allowed crafted save files to take advantage of a buffer overflow, which redirected the running thread to an old DLL from 2010, at a fixed address which lacked modern protections. The vulnerability meant that save files, which are normally considered a bit safer to download, could essentially be turned into executables that could carry out “any locally executed virus” on a user’s PC – without the user noticing. For a more extended explanation, you can find my original story here – or simply listen to us chatting about it on this week’s Eurogamer Next-Gen News Cast:

Eurogamer Next-Gen News Cast – Will PlayStation Studios publish more games on Xbox?

According to CDPR’s tweet, this “buffer overrun issue” has now been fixed, while it seems the troublesome DLL has been “removed/replaced.”

This content is hosted on an external platform, which will only display it if you accept targeting cookies. Please enable cookies to view.

The vulnerability was initially discovered by PixelRick, who found the exploit when reverse-engineering the game to develop a save editor.

“I’d still like to remind people that some mods do contain executables files (.exe, .dll, .asi) that by nature represent a risk… and this threat is a constant one, whereas the vulnerability of sav.dat files is going to be patched,” PixelRick told me earlier this week. So, you heard PixelRick: always be careful when downloading your mods, but at least this save file exploit should be fixed thanks to the hotfix.

Be the first to comment

Leave a Reply

Your email address will not be published.


*