PixelRick, CyberpunkSaveEditor creator, disclosed a vulnerability that affects Cyberpunk 2077. This exposure lets a buffer overflow vulnerability chained with a non-ASLR DLL (xinput1_3.dll) that allows specially crafted save games or modifications to perform code execution on a PC.
The vulnerability impacts DATA files. A buffer overflow can be triggered in the game when it loads those files.
Address space layout randomization, is a security feature that randomizes the memory regions (address space) utilized by a process. By doing this, vulnerability exploits must be tailor-made for a particular process as it is currently loaded into memory. If exploited, this vulnerability could have allowed attackers to execute commands on the computer, including download and installing malware.
CD Projekt Red already released a patch that fixes both vulnerabilities and is now available 1.12.