New Patch for CoD4 ( 1.7 )

tictacman08 · **Joined:** 27 Jun 2008 07:41 **Posts:** 27

As you know 1.6 was just released a few weeks ago, now 1.7 has been released as of yesterday the 27th of June.

Here are the fixes:

This is an incremental patch so you will need to first install the v1.6 patch.

- Fixed an exploit that allowed players to access certain console dvars during multi-player matches.

- Fixed a crash that could occur when a Chinatown Sabotage match would go into over-time.

- Fixed a bug where the MP icons (Bomb, Defend, Capture, etc) were always showing up as English regardless of the install language.

I was just curious if you had a chance to take a look at the client and see if there is anything still exploitable such as something similar to your recent advisory.

aluigi · **Posted:** 28 Jun 2008 22:42

1.7 is vulnerable to the same bugs described in the cod4vamap advisory

SomaFM · **Joined:** 16 Aug 2007 06:25 **Posts:** 367

It appears that the bug has been fixed (either by the patch, or by punkbuster) because it's not working for me anymore. I also tried multiple servers. This is the error it gives:

http://img58.imageshack.us/img58/2124/cod4ko3.jpg

aluigi · **Posted:** 29 Jun 2008 16:06

probably punkbuster because here I have tested it without PB (all the tests in my fields must be performed ever without third party stuff) and worked.

In fact although the 1.7 patch has been released 5 days after my advisory, the executable is a build of the 18th June.

peppe1973 · **Joined:** 20 Jul 2008 22:47 **Posts:** 2

Hi, I have a COD4 1.7 windows server.
I've tested the exploits COD4va and COD4map on my server, either with and without PB activated, and the exploits don't work at all.
Anyway my server receives many attacks per day and it crashes on every attack with the well known error: "ERROR: Attempted to overrun string in call to va()".
Is possible that my server is under attack with a different exploit causing the same crash error? If so, which exploit? How can I fix it?
Thanks, Luigi. Regards.

aluigi · **Posted:** 20 Jul 2008 23:20

the va() error message you receive is exactly the cod4va bug.
sincerely I don't have idea why when you test it from your client the server doesn't seem exploitable, it's really very strange.

Luckily fixing it is very simple:

http://aluigi.org/patches.htm#cod

it's the first patch in the list and should work with 1.7 too

peppe1973 · **Joined:** 20 Jul 2008 22:47 **Posts:** 2

Hi Luigi, yesterday morning I've fixed my server with your patch, and now are 40 hours that my server is up without any crash.
So the problem seems to be solved.
Thank you very much for your help.
God bless you.
Regards.

Luigi Auriemma

New Patch for CoD4 ( 1.7 )