DoS Exploit - (Realms & BDS)

UWP App Version: 1.12.28.0
Affects: Bedrock Dedicated Server & Realms, Player-Hosted Games
Exception (Event Viewer): Security check failure or stack buffer overrun

Exception appears on both client and server

Modifying this address in the UWP client app (Minecraft.Windows.exe+E9326A) with an unexpected multiplier value (Example of bad operation code: mulss xmm0,[Minecraft.Windows.web::websockets::client::details::websocket_client_task_impl::receive+2C139C]), results in an unhandled exception on the server when it normally expects a value of 0.50. The sequence of code in this region of memory is relevant to setting player position.

The actual cause of the unhandled exception appears to be due to an invalid vector resize (not prepared to handle allocating huge vectors for LevelChunks), possibly because it attempts to load every last chunk between the former player position and new player position which would also explain memory leaks that sometimes occurred as well.

The result is the server throwing an unhandled exception, the originating client becoming unresponsive, and the rest of the connected clients disconnecting.