Newest Post: Ner'zhul.Seraphim: More Speed and Defense / Patch Note No. 1A

Good evening, readers. I see Ner'zhul.Seraphim got a nice reception a fter having released her some weeks ago, but  the VoidShell library's CPU intensive use makes her nearly unusable, even for high-end computers.  ... Therefore, I have plans on releasing an optimization update that improves the character's average framerate, while trying to reduce the general CPU average used by the main library. General code optimization in the character's state files and a new version of VoidShell are featured in this patch update, so do not expect visible visual improvements in her skill set, but you will see them smoothly now. Cool, right? Art asset created by SlenderFreak17 This character update can be downloaded by clicking on the main thumbnail, and  the download link of her main entry will eventually be updated, so no worries. After seeing the current state of VoidShell, I really never thought that single Eikidankai Framework module would be finally completed, so I do not know ...
0

M.U.G.E.N 1.00: ST Filepath - Buffer Overflow Attack

Good evening, friends.
It has been a while since I have not talked about engine vulnerabilities, but I think this is the right time to start talking about this new vulnerability.

This research was born from Nomi's ideas about trying to overflow the ST filepath line in WinMUGEN, which motivated me to investigate said insight in M.U.G.E.N 1.00; and as expected, it is possible to perform a buffer overflow attack from there by creating a very long filepath string that overwrites the character loader's buffer region including the return address, allowing us to execute our ROP chain.

This exploit can be used on both M.U.G.E.N 1.00 and 1.1b, but the main downside is not default-processing reversible, which currently restricts its use to SuperNull:Reloader characters only.

(> Full information about this engine vulnerability can be found here. <)

Sample Picture - Barkiel vs Einherjar

Note:
Due to nature of the ROP exploit technique, do not expect this exploit to work on all the computers, so beware of it.

Well, that is all for today, have a nice day.