Hrvoje Misetic

4-Byte Heap Overflow To RCE In Minecraft

Abstract

Minecraft is one of the most popular games of all time, with millions of players relying on community-hosted servers. A 1-click server-to-client RCE vulnerability poses an extremely serious security threat.

We demonstrate how a 4-byte heap overflow in Minecraft Bedrock Edition can be abused to gain remote code execution on a client connecting to a malicious server. We walk through the process of shaping the heap and show how the Molang scripting engine can be used to bypass ASLR. As the final obstacle, we explain how Windows Control Flow Guard is sidestepped on this target to hijack execution of the client process.

BIO

Security researcher and Web3 auditor at OtterSec. Prior research includes Linux kernel, hypervisor, and browser exploitation. Extensive CTF experience with Crusaders of Rust and DiceGang.