The makers of Call of Duty: World War 2 have temporarily removed its PC version from sale amid multiple reports of remote code execution (RCE) attacks on players during live multiplayer matches. The game was released through Xbox’s GamePass service in June and has since been plagued by hackers exploiting vulnerabilities to gain control over victim computers.
Players reported their PCs freezing, being shut down, or having desktop pictures changed to explicit images. Cybersecurity firm MalwareBytes suggests the issue stems from older games transitioning from dedicated servers to peer-to-peer networking, making players’ machines vulnerable to hacking.
This is not the first time hackers have exploited vulnerabilities in Call of Duty’s codebase to disrupt other players. Researchers previously identified CVEs with proof-of-concept code for gaining remote access to the game through Steam.
The investigation into the RCE attacks continues, but the game’s status remains unclear. EA/Activision has not provided an update since Saturday, leaving players without a clear resolution to the issue.
Source: https://cyberscoop.com/call-of-duty-remote-code-execution-pc-game-offline