CDPR says it is working on a solution.
After discovering a storage file exploit, CD Projekt Red told players to ‘be careful’ when downloading files of unknown origin for use in Cyberpunk 2077.
In a statement to Eurogamer, CDPR explains a bit about the nature of the vulnerability:
“A group of community members have approached us to address an issue with the external DLLs that the game uses. This issue could potentially be used as part of an external code execution on computers. We appreciate their input and work to fix it as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone planning to use mods or personal savings for Cyberpunk 2077 should be careful until we release the above solution. “
Eurogamer Next-Gen News Cast – Should Sony issue refund for control on PS5?
According to the modeling community member PixelRick, who is acknowledged to have discovered the problem, ‘the storage file’s vulnerability’ is not hard to find, but it’s a matter of luck [is] troublesome to exploit, “describes it as a” vulnerability of the game and not a vulnerability of human nature. buffer overflow. This buffer overflow can be used to redirect the running thread to an old DLL, to a fixed known address that does not have modern protection. In essence, the vulnerability makes a non-executable file executable, which is a locally executed virus “. In addition, “the created storage file may be silent. After closing the popup I open, the correct storage file data is loaded through the game without any errors,” PixelRick added.
“This is the trust system that is being undermined, as you have to be able to trust that the modes of the data file are harmless, and only be skeptical about executable programs in general.” PixelRick said. “This vulnerability makes it impossible to truly trust any modified data file for this game until [the] plaster. “
After the abuse was found, PixelRick reported the vulnerability to the driver of the Cyberpunk 2077 muddy Discord, and the information was passed on to CDPR. A temporary solution has been created for Cyber Engine Tweaks, a popular modeling tool for Cyberpunk 2077, to discontinue users until CDPR can issue an official patch. Although so far this exploit does not seem to have been noticed “in nature” on sites like Nexus Mods, it is probably best to avoid downloading storage files until the official solution is introduced.