#######################################################################

                             Luigi Auriemma

Application:  Halo: Combat Evolved
              http://www.microsoft.com/games/pc/halo.aspx
Versions:     <= 1.07
Platforms:    Windows
Bug:          endless loop
Exploitation: remote, versus server
Date:         29 Jun 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Halo is the great FPS game developed by Bungie Studios and ported on PC
by Gearbox Software (http://www.gearboxsoftware.com).
Although it has been released at the end of 2003, it's still one of the
most played games with hundreds of internet servers.


#######################################################################

======
2) Bug
======


This vulnerability is exactly like the old one I found over 3 years ago
in version 1.06 (haloloop) and which was fixed (or it's the case of
saying partially fixed) in version 1.07: an endless loop caused by a
malformed in-game packet which freezes completely the server.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/haloloop2.zip


#######################################################################

======
4) Fix
======


No fix.

UPDATE 04 Jul 2008:
  http://www.bungie.net/Forums/posts.aspx?postID=22895922&viewreplies=false


#######################################################################