Basically the attackers can upload files (dll in this specific exploitation) on clients and servers of Gmod and other Source games:http://steamcommunity.com/games/garrysm ... 2135333176
- the changelog is dated end of April 2014
- it's stated that the bug still affects the games based on the Source engine
- it has been actively exploited in the wild = very very very bad
- "As far as we are aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names"
I guess that the issue is somewhat related to these old vulnerabilities dated 2009, yes 5 years ago:http://aluigi.org/adv/sourceupfile-adv.txthttp://www.facepunch.com/showthread.php?t=854605
It's not the first time that I see security issues affecting the Source engine that are partially fixed or can be replicated in other ways.