The most recent Cyberpunk 2077 hotfix addresses a recent concern about modders' ability to exploit a vulnerability in the game to allow remote code to be executed on the machine running the mod.
The vulnerability in question allowed for crafted save files to take advantage of a buffer overflow, allowing it to redirect the running thread to an old DLL file at a fixed address that lacked modern protections. This would enable save files, and mods, to execute code locally, without the user knowing that it is happening.
Hotfix 1.12 is being distributed to the PC version of Cyberpunk 2077. On top of the vulnerability, the hotfix also fixes some issues with buffer overruns and removes all non-ASLR DDL files.
Hotfix 1.12 is now available on PC!— Cyberpunk 2077 (@CyberpunkGame) February 5, 2021
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
- Fixed a buffer overrun issue.
- Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf