GameSpy Arcade Vulnerability Allows Arbitrary File Writing

ThreeZee Technology has discovered a vulnerability in GameSpy Arcade which will allow an attacker to write a file to any location on a victim's system.

Bridgeton, NJ, July 31, 2003 - ThreeZee Technology, Inc., an emerging leader in Network Security, announced a vulnerability in GameSpy Arcade which will allow an attacker to write a file to any location on a victim's system.

Their second major release of this week, ThreeZee Technology has announced a vulnerability in GameSpy Arcade (http://www.GameSpy.com) which gives an attacker the ability to discretely write a file of their choice to any location of a user's system, without permission. This could allow a virus, a trojan, or a file of the attacker's choice to be introduced into the victim's computer system.

"Keep in mind, your system will remain vulnerable even if you have installed Gamespy Arcade, but never ran it." - The advisory states.

Information for creating a temporary fix can be found in the advisory.

More information is available at the company's website: http://www.threezee.com

Direct link to HTML advisory:
http://www.threezee.com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=8&page=1

Direct link to TEXT advisory:
http://www.threezee.com/sections/security/tzt002.txt