Skip to main content

Hackers hijacked PCs using Source Engine kill animation exploit

Audio player loading…

Counter-Strike: Global Offensive, Team Fortress 2, Portal 2 and other Source Engine games were all affected by a particularly nasty exploit until recently. Basically, by uploading custom assets into a custom map, hackers could use them to trigger a "buffer overflow vulnerability" which resulted in the victim PC being open to remote code execution.

In other words, merely shooting at an enemy could cause your machine to be remotely hijacked. The exploit was identified by One Up Security (via Motherboard) who notified Valve. 

"Valve's Source SDK contained a buffer overflow vulnerability which allowed remote code execution on clients and servers," OUP's statement reads. "The vulnerability was exploited by fragging a player, which caused a specially crafted ragdoll model to be loaded. 

Multiple Source games were updated during the month of June 2017 to fix the vulnerability. Titles included CS:GO, TF2, Hl2:DM, Portal 2, and L4D2. We thank Valve for being very responsive and taking care of vulnerabilites swiftly. Valve patched and released updates for their more popular titles within a day."

For a demonstration of how it worked, this very short video tells you all you need to know. Death has never been so scary.

Shaun Prescott is the Australian editor of PC Gamer. With over ten years experience covering the games industry, his work has appeared on GamesRadar+, TechRadar, The Guardian, PLAY Magazine, the Sydney Morning Herald, and more. Specific interests include indie games, obscure Metroidvanias, speedrunning, experimental games and FPSs. He thinks Lulu by Metallica and Lou Reed is an all-time classic that will receive its due critical reappraisal one day.