
Exploit in createunit causes remote exec to bypass filters
Closed, Resolved (Public)

Description

https://community.bistudio.com/wiki/createUnit

I can provide more information if needed.

Details

Legacy ID: 486758779
Severity: Major
Resolution: Fixed
Reproducibility: Always
Category: Multiplayer

Event Timeline


Serious Security Flaw - Fix It

Um Security, Oh Great Eating Doughnuts again! Fix The Exploits A.S.A.P

FltMed added a subscriber: FltMed.May 7 2016, 7:32 PM
FltMed added a comment.Oct 2 2014, 5:43 AM

Please fix

Axle added a subscriber: Axle.May 7 2016, 7:32 PM
Axle added a comment.Oct 2 2014, 6:28 AM

100% needing fixing. This can ruin Arma as a whole.

Itsyuka added a subscriber: Itsyuka.May 7 2016, 7:32 PM

God learn how to use scripts.txt, 5 "createUnit"

DubFire added a subscriber: DubFire.May 7 2016, 7:32 PM

Please FIX!

Nic added a subscriber: Nic.May 7 2016, 7:32 PM
Nic added a comment.Oct 2 2014, 7:07 AM

This is going to ruin the whole game please fix.

Axle added a comment.Oct 2 2014, 7:08 AM

Would be great to use scripts.txt if it wasn't completely bypassed....

nedfox added a subscriber: nedfox.May 7 2016, 7:32 PM
nedfox added a comment.Oct 2 2014, 7:31 AM

Please fix this vulnerability ASAP.

Fix this exploit now, it's needed for the whole community so it cannot be used to ruin everyone's day in game & kill a server.

waynewr added a subscriber: waynewr.May 7 2016, 7:32 PM
AerO added a subscriber: AerO.May 7 2016, 7:32 PM
AerO added a comment.Oct 2 2014, 7:46 AM

Please fix this, you must want to fix your game.

great game ruined atm, please fix

This issue is a serious security concern and warrants immediate attention to correct the gaping hole in server security.

Berreta added a subscriber: Berreta.May 7 2016, 7:32 PM

Needs Fixing ASAP BI

Needs to be fixed. Security flaws shouldn't exist to this extent in a game with your name on it BI!

fix this issue asap please

Please fix this.

Let's get this done already....

You realize the more you guys say "FIX IT" and not put anything productive is pointless and causes spam. To the guy who said, "Go here and spam the notes because it'll bump it". No it doesn't bump it, vote it and don't add a note.

abbylad added a subscriber: abbylad.May 7 2016, 7:32 PM

Come on BI, this is a biggy!

This needs attention ASAP

We need this now !

sohun added a subscriber: sohun.May 7 2016, 7:32 PM
sohun added a comment.Oct 2 2014, 11:33 AM

security glitch, fix it plx

Please fix this security issue, is really important!!

Iceman added a comment.Oct 2 2014, 2:00 PM

Hey, you can take it easy now, it's being investigated with critical priority.

Fix this Please!

zooi added a subscriber: zooi.May 7 2016, 7:32 PM
zooi added a comment.Oct 2 2014, 2:42 PM

Please fix this, as "hackers" are ruining the servers!

Edit: Thanks Iceman =]

@Iceman thank you for your time.
@Gay no, it's the Epoch community wanting this fixed due to the fact that the servers have been taken off public access because of scripters (i.e. the down voters) abusing this.

Actually, I down voted because I'm having problems reproducing the exploit. Doesn't matter anyway.

Please fix this issue.

Suppe added a subscriber: Suppe.May 7 2016, 7:32 PM
Suppe added a comment.Oct 2 2014, 7:42 PM

Please fix, Makes playing multiplayer unplayable with all the hackers

@Itsyuka
this could be blocked but another way, not. :/

@Gav, I read it as "Gay" at first as well..

cring0 added a subscriber: cring0.May 7 2016, 7:32 PM
cring0 added a comment.Oct 3 2014, 7:26 AM

Thank you for taking your time to look into it, it means a lot to the Epoch mod community especially!

@Kenshiroichi and everyone else, there is a "private" tickbox, please use it and don't post links to hack forums or hack repros in public.

@Dwarden. You've known about it? Meaning we won't see a fix for it anytime soon?

s2ta added a comment.Oct 4 2014, 11:53 PM

@Dwarden This should be a top priority. You seem to be nonchalant in the resolve of this exploit. Sense of urgency please.

It won't be long before people start complaining about how long it's going to take...

MrMuzu added a comment.Oct 5 2014, 2:46 PM

@TakeHomeTheCup Arma 3 Mod with over 5000 players cannot work and developers of that mod are blackmailed with this exploit, so what's your point?

@Dwarden This was reported to you instantly when this exploit was used to eventually bring down public servers for the Mod. Make Arma, not war?

WIP means "Work In Progress" ...
you are ignoring the fact that any solution needs to be tested too ...
so you must endure and wait until the fix

MrMuzu added a comment.Oct 5 2014, 8:54 PM

@Dwarden will the test be in the developer branch or RC? Thanks for the heads up anyway, frustrating exploit nevertheless.

@Dwarden That isn't the statement that was "of note" - the "we know about it for some time" is. Hacking In Arma 2, as well as the whole beta test hack fiasco makes statements like this seem that developers are not on top of exploits and cheaters. I think a statement like that needs a bit of explaining.

security and exploits always were priority
so I think I don't need to explain anything to you ...
no idea what you mean with "Beta test hack fiasco" there was no such test ...
you just assume something and you assume wrong ...

Yeah.... I don't think so...

I have screen shots from the Beta buy-in when a Hacker took over every server with a very clever hack that infected the client, and when the client would join the next server he would bring the hack with him. The hack involved a message across the client screen stating he would continue to hold the game hostage until you fixed something.. http://pixeljudge.com/file/Arma3Hacked_2.jpg

Your attitude sums up what I think of your company. We are your paying consumers and you saying "we know about it for some time" says "we knew about it but yet again didn't think enough of it to do anything about it until it became a problem, and it just did, whoops!"

If they knew about it and it was a top priority for them, then maybe it's simply harder than we think it is.

here's an idea that might actually work... Instead of relying on a third party to provide your game with anti cheat measures why don't you actually make it yourself and hardcode it into the engine... Oh shock horror wait no as then BE would be out of business.

@TakeHomeTheCup That would be the kind of reply I would be expecting, not "I don't have to explain anything to you!".

Don't get mad at me because you got caught with your pants down yet again.

Axle added a comment.Oct 6 2014, 2:52 AM

Guys please don't make personal attacks towards BI. They may have known about it for a long time, but they may not have known how to replicate it. Now they do and they are working on it.

Please let them do their jobs.

Thank you Dwarden for your responses.

dazhbog added a subscriber: dazhbog.May 7 2016, 7:32 PM

Hey guys,

as Dwarden said exploits like this one are of the highest priority to us and we are currently hard at work on the fix. We are targeting the upcoming stable patch version 1.32.

Thanks for your patience.

SOUK added a subscriber: SOUK.May 7 2016, 7:32 PM
SOUK added a comment.Oct 6 2014, 4:27 PM

BI, Please fix asap!

So, even if it's fixed anytime soon, they'll have to wait for 1.32?

1.32, is like the next update isn't it? Shouldn't be long.

I think it's supposed to be the November 4th update.

Yes, this will make sure it's all thoroughly tested, I guess.

EDIT: Actually, as pointed out in today's SITREP (http://dev.arma3.com/post/sitrep-00077), it looks like 1.32 could hit Steam this week. Or maybe next.

Does this mean the Helicopters DLC release date will be pushed? Or will the build version just be different?

Helicopter DLC is a different patch, probably 4th November. 1.32 will come this week or early next week.

Pydrex added a subscriber: Pydrex.May 7 2016, 7:32 PM

Hopefully this will be resolved soon, Currently hackers everywhere with no way to log them

Quick update - we have the fix ready and are testing it internally. As already mentioned it will be part of the upcoming 1.32 stable patch which should be released this or the next week. It does not change the release date of the Helicopters DLC.

Thanks for this update, good job! ;)

MrMuzu added a comment.Oct 8 2014, 4:27 PM

Double thumbs up for the Dev team, thanks for fixing it so quickly

Mass-closing all resolved issues not updated in the last month.

Please PM me in BI Forums (http://forums.bistudio.com/member.php?55374-Fireball) if you feel your bug was closed in error.