Hotfix 1.12 promises a fix for a vulnerability that allowed crafted save files to exploit a buffer overflow, redirecting the running thread into an old DLL from 2010 that was loaded at a fixed address and lacked modern protections. The vulnerability meant that save files, which are normally considered a bit safer to download, could essentially be turned into executables that could carry out “any locally executed virus” on a user’s PC - without the user noticing.

For a more extended explanation, you can find my original story here - or simply listen to us chatting about it on this week’s Eurogamer Next-Gen News Cast.

According to CDPR’s tweet, this “buffer overrun issue” has now been fixed, while it seems the troublesome DLL has been “removed/replaced.”

The vulnerability was initially discovered by PixelRick, who found the exploit when reverse-engineering the game to develop a save editor.

“I’d still like to remind people that some mods do contain executable files (.exe, .dll, .asi) that by nature represent a risk… and this threat is a constant one, whereas the vulnerability of sav.dat files is going to be patched,” PixelRick told me earlier this week.

So, you heard PixelRick: always be careful when downloading your mods, but at least this save file exploit should be fixed thanks to the hotfix.
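
Whether a bundled DLL is the kind described above, loaded at a fixed address without modern protections, can be checked from its PE header. The following is an added example, not code from the article, CDPR or PixelRick: it reads the DllCharacteristics field and lists the opt-in mitigations a binary lacks. It assumes "modern protections" refers to flags such as ASLR and DEP, and the two sample images are constructed header-only byte strings, not real DLLs.

```python
import struct

# Opt-in mitigation bits in the PE optional header's DllCharacteristics field.
MITIGATIONS = {
    "HIGH_ENTROPY_VA": 0x0020,   # 64-bit ASLR entropy, only meaningful for PE32+
    "DYNAMIC_BASE": 0x0040,      # ASLR: image may be loaded at a randomized base
    "NX_COMPAT": 0x0100,         # DEP: data pages are not executable
    "GUARD_CF": 0x4000,          # Control Flow Guard
}

def audit_pe(image: bytes):
    """Return (preferred_image_base, [missing mitigation names])."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    opt = pe_off + 24                      # PE signature (4) + COFF header (20)
    if opt + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("truncated or invalid PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:                     # PE32
        (base,) = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:                   # PE32+
        (base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    missing = [name for name, bit in MITIGATIONS.items()
               if not flags & bit and not (magic == 0x10B and bit == 0x0020)]
    return base, missing

def sample_image(flags: int, magic: int = 0x10B, base: int = 0x10000000) -> bytes:
    """Constructed header-only image for the demo; not a real DLL."""
    img = bytearray(0x100)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)    # e_lfanew: offset of "PE\0\0"
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, magic)
    if magic == 0x10B:
        struct.pack_into("<I", img, opt + 28, base)
    else:
        struct.pack_into("<Q", img, opt + 24, base)
    struct.pack_into("<H", img, opt + 70, flags)
    return bytes(img)

if __name__ == "__main__":
    for label, img in (("legacy-style", sample_image(0)),
                       ("hardened", sample_image(0x4160, 0x20B, 0x180000000))):
        base, missing = audit_pe(img)
        print(f"{label}: preferred base {base:#x}, missing: {missing or 'none'}")
```

To audit a real file, pass its bytes to `audit_pe`; a DLL missing `DYNAMIC_BASE` is normally mapped at its preferred base on every run.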