This was supposed to be a quick 2-3 day project over the holidays to learn some Windows pwn, but it ended up taking over a week 😅.

I might still write a blog post on it, but don't expect a full weaponized POC as the game is EOL.

I managed to get code execution through a Trackmania Nations Forever map.

By loading or joining a server with a malicious track, an attacker could potentially take over your system.

https://www.youtube.com/watch?v=MpfY8r-4xWI