An exploit has been discovered in the game Tera Online involving the in-game chat, allowing users to insert HTML elements into chat that link to resources on external websites.
Basically, the in-game chat in Tera uses HTML for markup. The problem is that exploiters have found a way to use a type of attack similar to XSS (cross-site scripting). XSS can be used to trick the server into referencing resources on external websites controlled by an attacker, such as an image, when the user’s input is ultimately output back to another user (such as when a chat message is loaded, in this case).
This has led to a huge scare in which users have speculated that it could lead to remote code execution on clients’ computers, and therefore to malware or worse. This is highly unlikely based on my knowledge of web development. Tera uses a software framework known as Scaleform for its user interface. Scaleform uses HTML for markup, including images, as we’ve seen. I researched Scaleform’s HTML implementation and found that the htmlText property that exploiters found a way to modify does not support referencing scripts, and therefore cannot be used to execute remote scripts.
Currently, En Masse Entertainment has been deleting posts on their forums that mention the exploit, out of concern that the spread of information regarding the exploit will increase the prevalence of it. The exploit allegedly affects all versions of Tera in all regions. Gameforge has confirmed the issue, but requested that the OP remove specific details on how the exploit is executed.
According to Gameforge, the European publisher of Tera, they have contacted Bluehole Studios (the developer) regarding the vulnerability.
Edit: After discussing the issue with sources, it has come to my attention that the exploit can be used to reference internal ActionScript functions, which may be used to execute existing functions arbitrarily. While these won’t cause damage to a user’s computer, they can lead to the game behaving unexpectedly. Additionally, users have speculated about an underflow error in the libpng library that allows for arbitrary code execution if a modified .png file is loaded, an error that was patched in 2015. It is unknown whether Tera uses an unpatched version of this C library. While this exploit has not been proven to work in Tera, users are concerned about the possibility that it could exist.
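
The usual fix for chat markup that is echoed to other clients' htmlText is an allow-list filter on the server. The following is an added example, not code from Tera, Scaleform or either publisher: only formatting tags survive, and anything that could carry a URL or function reference is dropped and logged. The tag list, attribute patterns and the `sanitize_chat` name are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Assumption: the only markup chat needs is basic formatting; none of it takes a URL.
ALLOWED = {
    "b": {}, "i": {}, "u": {},
    "font": {"color": re.compile(r"#[0-9a-fA-F]{6}"), "size": re.compile(r"\d{1,2}")},
}

class ChatSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.rejected, self.open_tags = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.rejected.append(tag)          # e.g. img, a, script: dropped entirely
            return
        kept = []
        for name, value in attrs:
            pattern = ALLOWED[tag].get(name)
            if pattern and value is not None and pattern.fullmatch(value):
                kept.append(f' {name}="{value}"')
            else:
                self.rejected.append(f"{tag}.{name}")
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        # Emit a close tag only when it matches the innermost open allowed tag.
        if self.open_tags and self.open_tags[-1] == tag:
            self.open_tags.pop()
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))     # text is always re-escaped

def sanitize_chat(message):
    """Return (safe_markup, rejected_items) for one chat message."""
    parser = ChatSanitizer()
    parser.feed(message)
    parser.close()
    for tag in reversed(parser.open_tags):     # balance anything left open
        parser.out.append(f"</{tag}>")
    return "".join(parser.out), parser.rejected

if __name__ == "__main__":
    # Constructed sample message, not taken from the game.
    print(sanitize_chat('<font color="#ff0000">LFG</font> <img src="http://example.invalid/a.png">go'))
```

A non-empty rejected list is also a useful detection signal: a message that trips it can be logged with the sender's account for review.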