Saturday, September 7, 2024

M.U.G.E.N 1.00: ST Filepath - Buffer Overflow Attack

Good evening, friends.
It has been a while since I last talked about engine vulnerabilities, but I think this is the right time to start talking about this new vulnerability.

This research was born from Nomi's idea of trying to overflow the ST filepath line in WinMUGEN, which motivated me to investigate the same idea in M.U.G.E.N 1.00. As expected, it is possible to perform a buffer overflow attack from there by creating a very long filepath string that overwrites the character loader's buffer region, including the return address, allowing us to execute our ROP chain.

This exploit can be used on both M.U.G.E.N 1.00 and 1.1b, but the main downside is that it is not default-processing reversible, which currently restricts its use to SuperNull:Reloader characters only.
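For anyone who wants to vet downloaded characters before loading them, here is a small scanner for the condition described above. It is an added example, not code from this blog or from the engine. It flags `st`, `st0`..`st9` and `stcommon` lines in a character `.def` file's `[Files]` section whose value is unusually long or contains control bytes. The length threshold is an assumption, since the post does not state the loader's buffer size, and the sample input is constructed.

```python
import re

# Assumption: the post gives no buffer size, so this limit is a conservative
# placeholder; legitimate state-file paths are far shorter.
MAX_PATH_LEN = 260

# State-file keys of the [Files] section: st, st0..st9, stcommon.
ST_KEY = re.compile(rb"^\s*(st(?:\d+|common)?)\s*=\s*(.*)$", re.IGNORECASE)


def scan_def(data: bytes, max_len: int = MAX_PATH_LEN):
    """Return (line_no, key, reason) findings for one character .def file."""
    findings = []
    section = b""
    for line_no, raw in enumerate(data.splitlines(), start=1):
        # ';' starts a comment; strip it only to recognise section headers.
        head = raw.split(b";", 1)[0].strip()
        if head.startswith(b"[") and head.endswith(b"]"):
            section = head[1:-1].strip().lower()
            continue
        m = ST_KEY.match(raw) if section == b"files" else None
        if not m:
            continue
        key = m.group(1).decode("ascii").lower()
        # Measure the raw value, trailing comment included: how the loader
        # treats ';' here is unknown, so the check stays conservative.
        value = m.group(2).strip()
        if len(value) > max_len:
            findings.append((line_no, key, "overlong"))
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in value):
            findings.append((line_no, key, "control-bytes"))
    return findings


# Constructed sample, not taken from any real character.
SAMPLE = (
    b"[Info]\nname = \"demo\"\nst = not_in_files_section\n"
    b"[Files]\ncmd = demo.cmd\nst = demo.cns\nstcommon = common1.cns\n"
    b"st1 = " + b"A" * 600 + b"\n"
    b"st2 = demo\x01.cns\n"
)

if __name__ == "__main__":
    for line_no, key, reason in scan_def(SAMPLE):
        print(f"line {line_no}: {key}: {reason}")
```
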

(> More information will be added soon <)


Note:
Due to the nature of the ROP exploit technique, do not expect this exploit to work on all computers, so beware of that.

Well, that is all for today, have a nice day.
