How was this possible? When the user clicks validate in CPU-Z, a buffer area 8192 bytes in size is created.
As long as client-side data is imported to the server without any checks, dangers exist. In the wrong hands, it is theoretically possible to inject malicious code. As you saw early in the post, it was possible to put an HTML link back to this website directly on the CPU-Z page. While the the writer did point out that CPU-Z has a good feature to validate a clock setting by using simple math, but also showed that CPU-Z can still be faked with an example as it doesn’t do any data integrity check of the validation file submitted by the user:ĭespite the validator’s ability to check for the validity of overclocking speeds, the site does not seem to care about the integrity of the other data.
But now personally I had doubts, that doubts have grown much stronger after knowing that CPU-Z validation file can be manipulated and approved.Īccording to the author, the validation information which can be saved locally lets it to export to either.
Over the series of days, I and many of you guys have been seeing a series of websites putting up CPU-Z screenshot leaks of unreleased processors and showing the overclocking potential (on boot, anyways) of the processor, like Haswell- and even GTX 700 series which claims to have DX12 support, but hack tricks have shown that CPU-Z validation can be hacked and approved by CPU-Z validation.
0 kommentar(er)
