More YYG Instant Play Vulnerabilities

After earlier discovering an exploit that enabled a Firefox extension to be secretly downloaded while a user runs an Instant Play application, James Rhodes has discovered several more vulnerabilities in YoYo Games’ Instant Play feature.

One vulnerability can fetch the login hash of Windows XP users logged into YoYo Games if they have selected the “Remember Me” feature. This feature uses cookies to store login data, and when Instant Play is run from Internet Explorer the cookie, and hence the hash, can be accessed.

The Remember Me feature gives the user one month of automatic logins, and the extracted data could easily be sent back to a server using 39dll, which could give a hacker access to your YoYo Games account.

A simple path modification means that the same operation can easily be performed against users of the Windows Vista OS.

This proves another point I’m going to make about Game Maker/Instant Play security.

Why does Game Maker have access to the user’s cookies? Why does Game Maker have access to the system32 directory?

None of these things should be able to be accessed by Game Maker, and certainly shouldn’t be allowed when it’s running as Instant Play.

This example grabs your login information for YYG (if you are using Internet Explorer), and shows it to you. THE DATA IS NOT SENT ANYWHERE.
– James Rhodes

Another vulnerability supposedly gives games an automatic 5-star rating; however, at the time of writing I was unable to verify this.
