Fraggy

Steam CoD4 patch breaks game - Our official repair guide

Recommended Posts

As many Steam gamers have noticed they got an update for Call of Duty 4 - Modern Warfare. This update was kinda breaking the game completely.

Here is how to fix this patch:

Download the file from this site here: https://eu.cybergamer.com/files/6412/

This is the main and original game executable from CoD4 1.7.

When done locate your CoD4 installation, there are 2 ways to find it. If you know where you Steam folder is you can find it on this way:

Open a new Windows Explorer Window. Go to your "Steam" folder (Which is likely in "C:\Program Files(X86)") then click on "steamapps" then "common" and then "Call of Duty 4". Here you got to your CoD4 folder.

Just in case you didn't find your CoD4 folder here is another way:

Open the Steam main window, then click Library, Games. Find in the left list "Call of Duty 4: Modern Warfare". Rightclick the game and choose properties. In the new window click on "Local Files" and then "Browse Local Files". Now you should be in your CoD4 folder.

 

Since you have now your CoD4 folder locate the file iw3mp.exe. Right click onto it and chose "Delete" and confirm it.

Now go to your before downloaded file then drag and drop it into your Cod4 folder.

Here you should be done with the guide. A reinstallation of CoD4X shall not be necessary as it remains installed even after the Steam update. It just does not activate in case the "iw3mp.exe" file gets replaced.

Edited by leiizko
  • Like 4

Share this post


Link to post
Share on other sites

Details about the vulnerability, its sense etc.

When was the vulnerability first time discovered? Well Treyarch has discovered this RCE vulnerability already within the development cycle of "CoD: BlackOps" (I did not check CoD:WaW) which got relased in year 2010. In BlackOps this vulnerability was purposefully patched by Treyarch but future CoD version developed by InfinityWards kept having that vulnerability. (You can think your own part about it. I am not going to rate it here.)

Edit: Although the affected function "MSG_ReadBitsCompress()" got a size parameter in CoD: BlackOps this parameter is actually ignored for the Huffman decompression. So prior information was false. Sorry for that.

I for my self know about this issue for about 5 years. However in CoD4 this vulnerability is hardly possible to exploit at all. Because CoD4 allocates a static heap buffer which can be overflowed. Binary analysing told me that overflowing that heap allocated buffer has no critical effect and so it can not be exploited. What can happen by overflowing it? A function pointer of the command "snd_list" can be overwritten. As it is impossible to pass any arguments on this way and it can work only when you run a listenserver (snd_list is a client command), and the attacker needs rcon execute the command, this is very unrealistic to do any damage ever.

On CoDMW2 however this buffer was stack allocated (What I know about only for ca. 3 months)

So for CoD4 this patch is actually useless but it is now done anyway in a rushed action as you can see. Most do not even host servers with iw3mp.exe anyway. However CoD4 has another RCE vulnerability which is also not fixed in the latest patch Activision released. This vulnerability is totally unknown to Activision but from even bigger severity. Because this does affect clients. The full automatic installation and execution of CoD4X18 should actually show you how dangerous such a buffer overflow vulnerability is. Servers could actually also give you ransomware instead CoD4X18.

 

Using CoD4X18 does patch all this to me known vulnerabilities and also covers the one Activision patched right now. It is safer to obtain CoD4X18 from this site than joining any server which gives it maybe to you or maybe gives you something else.

Share this post


Link to post
Share on other sites

How about adding some message to next client update, warning people of the issues everytime they launch or whatever, because this will be an eternal problem if acti dont "fix"(whatever that means) whatever they broke.

Share this post


Link to post
Share on other sites
12 minutes ago, Kingwolf said:

How about adding some message to next client update, warning people of the issues everytime they launch or whatever, because this will be an eternal problem if acti dont "fix"(whatever that means) whatever they broke.

People affected by this would not be able to see the message anyway. Once it is confirmed that they won't push any new updates, only then it can be looked at to determine if there is an solution available that would not involve manually replacing the binary.

Edited by leiizko

Share this post


Link to post
Share on other sites
15 minutes ago, leiizko said:

People affected by this would not be able to see the message anyway. Once it is confirmed that they won't push any new updates, only then it can be looked at to determine if there is an solution available that would not involve manually replacing the binary.

 

Actually they could see the message if they have CoD4X installed already. Because this update does not affect the launcher. But Steam update dead patched it anyway already.

Share this post


Link to post
Share on other sites

People on steam complaining about the client being shown as 1.6. Can someone explain what that is all about?

Share this post


Link to post
Share on other sites
49 minutes ago, Kingwolf said:

People on steam complaining about the client being shown as 1.6. Can someone explain what that is all about?

thats the officially distributed version now. atvi reverted to 1.6 like 2 days ago. if you have installed cod4 through steam it will patch to 1.6 now. thats exactly the reason why fraggy started this topic ...

Share this post


Link to post
Share on other sites

why the hell would they do that lol. Maybe my teachers were right about the consequences of spaghetti code DD. 

Share this post


Link to post
Share on other sites

Would it be possible to get cod4x to show up on both 1.6 and 1.7 server list and when the player would join it would auto re-download the 1.7 iw3mp ?

Share this post


Link to post
Share on other sites

Because you have to know if the getinfo is from a 1.6 or 1.7 client. But you can't know it. So you don't know if you have to reply with protocol 5 or 6.

Share this post


Link to post
Share on other sites
On 4/28/2018 at 8:53 PM, Fraggy said:

 

Now go to your before downloaded file then drag and drop it into your Cod4 folder.

Here you should be done with the guide. A reinstallation of CoD4X shall not be necessary as it remains installed even after the Steam update. It just does not activate in case the "iw3mp.exe" file gets replaced.

Bro, please help i dont really know what does this mean actually cause i'm not an expert in computer settings....can give me more simple way what to do or give me some video to refer what should i done after this... i follow exactly what you said and now i stuck here

HELP !!!!.PNG

Share this post


Link to post
Share on other sites
14 minutes ago, Jason Chong said:

Bro, please help i dont really know what does this mean actually cause i'm not an expert in computer settings....can give me more simple way what to do or give me some video to refer what should i done after this... i follow exactly what you said and now i stuck here

HELP !!!!.PNG

Extract the iw3mp.exe from that .rar file (I am assuming its in there) and place it in that directory. Literally drag and drop.

Share this post


Link to post
Share on other sites

rightclick -> extract files here, for non-rocket-scientists

Share this post


Link to post
Share on other sites

en) if it does not work, download this iw3mp.exe and replace it with the old one
The English version of
iw3mp.exe, 99.9% works,
my guys did not complain, it's been a few days already, they are playing no problem
good luck

 

ru) если это не сработает, скачайте этот iw3mp.exe и замените на старый
Английская версия
iw3mp.exe, 99,9% работает,
мои ребята не жаловались, уже несколько дней прошло, они играют никакой проблемы
удачи

 

fr) Si ca ne marche pas, téléchargez ce fichier iw3mp.exe et remplacez-le par l'ancien.
La version est anglais i
iw3mp.exe, 99,9% fonctionne,
mes gars ne se sont pas plaints, ça fait déjà quelques jours, ils jouent sans problème
bonne chance

iw3mp.exe

Share this post


Link to post
Share on other sites

Another steam upgrade rolled out, ofc broke the cod4x. and fraggy's link just doesn't load up for me, ingre's exe just not found.. can someone post an mp pls..

(however now the client is officially 1.8.13620)

Share this post


Link to post
Share on other sites

please avoid posting unverified executables, thx

Share this post


Link to post
Share on other sites

CoD4 x18 works only with original 1.7 executable.

To get cod4x working again just the same procedure needed as for 1.6.

Also as this can be assumed to br the final version our update backend will probably be able to patch 1.8 Steam cod4 with a little downgrade soon. :D

 

Share this post


Link to post
Share on other sites

FYI, Steam, being Steam, updated the game again this morning and broke it again. Re-download iw3mp.exe from dpj and it will work.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.