The Sims Online uses an unsafe function to read variable-length strings from message packets, leading to a stack buffer overflow that can be used to gain arbitrary code execution on the client or server. Both Client Mode and HouseSimServer Mode are vulnerable. In TSO, "messages" are classes that inherit from cIGZMessage. Messages can be passed in packets (inside a DBRequestWrapperPDU, for example) and are used for game events such as object spawning, player actions, etc. The complete list of regulators and the messages they listen to can be found here. The message layer of the TSO protocol includes a string type whose length prefix uses a variable-length encoding, so the length field can be one or more bytes long. If the first byte's most significant bit (MSB) is not set, that byte is used as the length as is. Otherwise, the bottom 7 bits of the first byte are used as the bottom 7 bits of th...
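The following C program is an added illustration of the vulnerable pattern described above beside a bounds-checked reader; it is not code from this advisory or from The Sims Online itself. Two things are assumptions rather than facts from the page: the continuation rule for length bytes after the first (the page is cut off there, so the example uses a LEB128-style rule where each further byte contributes its low 7 bits shifted left by 7 per byte and its MSB means more bytes follow), and the 256-byte stack buffer size (`STACK_BUF`), chosen only to make the overflow arithmetic concrete. All function names (`varlen_decode`, `read_string_unsafe`, `read_string_safe`, `make_hostile_packet`) are hypothetical, and the two packets are constructed sample input.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed size of the fixed stack buffer the unsafe reader copies into
   (hypothetical; the real value is not given on the page). */
#define STACK_BUF 256

/* Decode the variable-length length prefix.
   First byte: MSB clear -> the byte is the whole length (0..127).
   MSB set   -> its low 7 bits are the low 7 bits of the length.
   ASSUMPTION: following bytes continue LEB128-style (low 7 bits each,
   shifted by 7 per byte, MSB set = another byte follows).
   Returns 0 on success, -1 if the prefix runs past the buffer or is too long. */
static int varlen_decode(const uint8_t *buf, size_t avail,
                         size_t *consumed, uint32_t *value)
{
    uint32_t v = 0;
    unsigned shift = 0;
    size_t i = 0;
    for (;;) {
        if (i >= avail || shift > 28)      /* truncated prefix / >5 bytes */
            return -1;
        uint8_t b = buf[i++];
        v |= (uint32_t)(b & 0x7f) << shift;
        if (!(b & 0x80))
            break;
        shift += 7;
    }
    *consumed = i;
    *value = v;
    return 0;
}

/* VULNERABLE pattern: the attacker-controlled decoded length is trusted and
   used as the copy size into a fixed-size stack buffer. Any length above
   STACK_BUF smashes the stack. Only ever call this with benign input. */
static size_t read_string_unsafe(const uint8_t *pkt, size_t pkt_len)
{
    char buf[STACK_BUF];
    size_t hdr;
    uint32_t n;
    if (varlen_decode(pkt, pkt_len, &hdr, &n) != 0)
        return 0;
    memcpy(buf, pkt + hdr, n);             /* no check of n against sizeof buf */
    return n;
}

/* Hardened reader: the decoded length must fit both the remaining packet
   bytes and the destination (leaving room for the NUL). */
static int read_string_safe(const uint8_t *pkt, size_t pkt_len,
                            char *dst, size_t dst_cap, size_t *consumed)
{
    size_t hdr;
    uint32_t n;
    if (varlen_decode(pkt, pkt_len, &hdr, &n) != 0)
        return -1;
    if (n > pkt_len - hdr)                 /* length runs past the packet */
        return -1;
    if (n >= dst_cap)                      /* would not fit with terminator */
        return -1;
    memcpy(dst, pkt + hdr, n);
    dst[n] = '\0';
    *consumed = hdr + n;
    return 0;
}

/* How many bytes read_string_unsafe would write past its stack buffer for
   this packet (0 if none). Lets the hostile case be reasoned about without
   actually corrupting the stack. */
static size_t unsafe_overflow_bytes(const uint8_t *pkt, size_t pkt_len)
{
    size_t hdr;
    uint32_t n;
    if (varlen_decode(pkt, pkt_len, &hdr, &n) != 0)
        return 0;
    return n > STACK_BUF ? n - STACK_BUF : 0;
}

/* Constructed hostile packet: two-byte length prefix encoding 300
   (0xAC = 0x80 | 44, then 0x02 -> 44 + 2*128 = 300) followed by 300 'A's. */
#define HOSTILE_LEN (2 + 300)
static size_t make_hostile_packet(uint8_t *out, size_t cap)
{
    if (cap < HOSTILE_LEN)
        return 0;
    out[0] = 0xAC;
    out[1] = 0x02;
    memset(out + 2, 'A', 300);
    return HOSTILE_LEN;
}

int main(void)
{
    static const uint8_t benign[] = {0x05, 'h', 'e', 'l', 'l', 'o'}; /* constructed */
    uint8_t hostile[HOSTILE_LEN];
    size_t hl = make_hostile_packet(hostile, sizeof hostile);
    char dst[STACK_BUF];
    size_t used;

    printf("benign: safe=%d str=\"%s\"\n",
           read_string_safe(benign, sizeof benign, dst, sizeof dst, &used), dst);
    printf("hostile: safe=%d, unsafe reader would overflow by %zu bytes\n",
           read_string_safe(hostile, hl, dst, sizeof dst, &used),
           unsafe_overflow_bytes(hostile, hl));
    return 0;
}
```

The check order in `read_string_safe` matters: validating the length against the remaining packet bytes first prevents an over-read, and validating it against the destination capacity second prevents the stack overflow; a parser that only does one of the two is still exploitable through the other.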