Cyberpunk 2077 bug allows remote code execution

Yash Aryan

February 7, 2021

CD Projekt Red is warning its Cyberpunk 2077 users to be careful while using mods in the games. A recent discovery by Red Tools mod team member PixelRickyRick and Reddit user Romulus_Is_Here highlighted the bug in a DLL file that could be used to execute malicious code through buffer overflow to gain control of the user's PC. Initially thought to affect only PC users, it was confirmed that the bug also affects PlayStation 4 users. Although CD Projekt acknowledged the bug on February 2, it was made aware of the bug a week ago. The studio released a statement that said, "This issue can be potentially used as part of a remote code execution on PCs. We appreciate their input and are working on fixing this as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix." A patch was released today, i.e., February 8, that fixes this issue through Cyberpunk 2077 Hotfix 1.12.

Abridged fromBleeping Computer