Print
Send to friend
RSS feedsA network security firm has identified a flaw in the first-person shoot 'em up Quake III Arena which could leave players' computers open to attack.
Internet Security Systems (ISS) notified Quake's manufacturers, id Software, about the vulnerability, that allows an attacker to read and write files on a player's computer system.
The flaw gives attackers the potential to put malicious code on any system that connects to a Quake III Arena server. If a player connects to a server run by an attacker, an attacker can read or write access files and can install Trojan horse programs.
A Trojan horse is a program disguised as another file. Running the file can enable an attacker to steal account passwords, modify or erase files, and use the victim's computer to perform denial of service attacks on others.
Kevin Black, director of sales and marketing at ISS, said: "Installing malicious code allows hackers to do anything at all. They can take complete control of a computer and therefore its network."
Black advises computer game players not to download or play games on company networks and to be wary of using these types of applications on their home computers.
The Quake III Arena version 1.16 for Windows is the version most at risk as it allows code to be automatically downloaded to the user's system for the purpose of manipulating files.
id Software has released a patch, version 1.17, which fixes the flaw. However, the fix will not be compatible with older and less secure versions of Quake III Arena.
ISS said it delayed announcing the security flaw until id Software had prepared a fix for the problem, ensuring attackers did not take advantage of the problem.
The fix is available for download at www.quake3arena.com.
Quake III Arena, which launched in the UK in December last year, can be played in single player or multiplayer mode. It has 32 characters that all fight with a different style through 26 deathmatch and four flag capture levels.
