Mike Kristovich

**Name of the Vulnerable Software and Affected Versions** GameSpy 3D version 2.62 **Description** The issue allows remote attackers to use gaming servers as an amplifier in DDoS attacks with spoofed UDP query packets. This is demonstrated using Battlefield 1942, where small requests generate very large UDP responses. **Recommendations** For GameSpy 3D version 2.62, consider restricting access to the UDP query functionality to minimize the risk of exploitation. As a temporary workaround, limiting the size of UDP responses could help mitigate the issue until a more permanent fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GameSpy Arcade versions prior to 1.3e Description: A directory traversal issue in GSAPAK.EXE allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file. Recommendations: For versions prior to 1.3e, update to version 1.3e or later to resolve the issue. As a temporary workaround, consider restricting the execution of GSAPAK.EXE or limiting its access to trusted .APK files until the update is applied.