MCL-10795Clicking on "View Crash Report" can execute any file
When you write to log outputĀ
@!@# Game crashed! Crash report saved to: #@!@# C:\Windows\system32\notepad.exe
Minecraft Launcher will parse this and after click "View crash report", it runs an executable file (like calculator, notepad). It can also download a file from Samba server (for example:
IP address\executable file or .hta). Of course, Minecraft Launcher will show "Game crash" only if the exit code is other than 0, so the easiest way from the multiplayer server is spam a lot of items with large NBT and crash outofmemory (Minecraft won't create a new file if there'is a problem in native with OOM). Please block is, for example:
- checking if a file ends with .txt,
- grabbing file location only after "---- Minecraft Crash Report ----" in logs,
- checking if the file starts with "---- Minecraft Crash Report ----"
