A few days ago, I released a public exploit for MoHAA servers, based on research by Luigi Auriemma. The exploit allowed remote code execution, and so I wrote a C program which exploits a server, and spawns a cmd.exe shell, which you can connect to remotely.
All Win32 servers were vulnerable to it (Linux is vulnerable also, although I haven't ported it), and EA refuse to patch the bug themselves, since they no longer support the game. Using this patch will make your Win32 server immune to this exploit, and will also log any attempts to exploit your server.
If the server is running, close it.
Extract moh_spearhead_server.exe and SHPatch.dll from this .zip to your MOHAA directory - usually "C:\Program Files\EA Games\MOHAA\". You should back up your old moh_spearhead_server.exe, in case you want to switch back in the future.
Now you should be able to start the server back up as normal, and it will be patched. If the patch works, you should see a welcome message show up in the server's console after a few seconds.
If someone attempts to exploit your server, the server's console will display something like:
*** Exploit attempt detected from 192.168.2.91. ***
Exploit attempts also get logged to a file, exploits.log, in your MOHAA folder. This also logs the date and time at which each attempt occurred.
-How it works------
I wrote a codecave in moh_spearhead_server.exe, which calls LoadLibraryA() with my DLL name (SHPatch.dll). This codecave gets called when the server is initializing.
The DLL detours the Winsock recvfrom() API, and checks to make sure the packet is not oversized. This stops the buffer from overflowing, and overwriting the stack.
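To show what the recvfrom() check looks like, here is an added example in portable C; it is my own illustration for this README, not the source of SHPatch.dll. The Winsock-specific parts are replaced by stand-ins: the trampoline to the original recvfrom() becomes a function pointer, the sockaddr becomes a small struct, and the packet limit MAX_SAFE_PACKET is an assumed value (the real threshold is not given here). A constructed fake "original" recvfrom() stands in for the network, so the example runs offline.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed limit on a legitimate packet. The real threshold used by
   SHPatch.dll is not given in this README. */
#define MAX_SAFE_PACKET 1024

/* Stand-in for the sockaddr_in the real hook reads the peer's IP from. */
typedef struct {
    char ip[16];   /* dotted quad, e.g. "192.168.2.91" */
    int  port;
} peer_addr;

/* Simplified signature of the function being detoured (Winsock's recvfrom()
   also takes a SOCKET, flags and a sockaddr length; dropped here). */
typedef int (*recvfrom_fn)(char *buf, int len, peer_addr *from);

/* In the real DLL this is the trampoline back to the original recvfrom(),
   filled in when the detour is written over the import. */
static recvfrom_fn original_recvfrom = NULL;
static int blocked_count = 0;

void install_recvfrom_hook(recvfrom_fn original)
{
    original_recvfrom = original;
}

/* Console message in the README's format, plus a timestamped line appended
   to the log file (NULL path = console only). */
static void log_exploit_attempt(const peer_addr *from, int n, const char *log_path)
{
    char stamp[32];
    time_t now = time(NULL);
    strftime(stamp, sizeof stamp, "%Y-%m-%d %H:%M:%S", localtime(&now));
    printf("*** Exploit attempt detected from %s. ***\n", from->ip);
    if (log_path != NULL) {
        FILE *f = fopen(log_path, "a");
        if (f != NULL) {
            fprintf(f, "%s exploit attempt from %s:%d, %d-byte packet\n",
                    stamp, from->ip, from->port, n);
            fclose(f);
        }
    }
}

/* The detour. It receives into a private scratch buffer big enough for any
   UDP datagram, so the true size is measured instead of truncated, and only
   copies packets that fit safely into the caller's buffer. Oversized packets
   are logged and dropped (return -1), so the game code never copies them
   into its fixed-size stack buffer. */
int patched_recvfrom(char *buf, int len, peer_addr *from, const char *log_path)
{
    static char scratch[65536];
    int n = original_recvfrom(scratch, (int)sizeof scratch, from);
    if (n < 0)
        return n;
    if (n > MAX_SAFE_PACKET || n > len) {
        log_exploit_attempt(from, n, log_path);
        blocked_count++;
        return -1;
    }
    memcpy(buf, scratch, (size_t)n);
    return n;
}

int packets_blocked(void)
{
    return blocked_count;
}

/* ---- Constructed test double: fakes the network so the hook runs offline ---- */
static int         fake_len = 0;
static const char *fake_ip  = "127.0.0.1";

static int fake_original_recvfrom(char *buf, int len, peer_addr *from)
{
    int n = fake_len < len ? fake_len : len;
    memset(buf, 'A', (size_t)n);          /* filler bytes only, no real payload */
    snprintf(from->ip, sizeof from->ip, "%s", fake_ip);
    from->port = 12203;                   /* assumed: MoHAA's default server port */
    return n;
}

/* Push one packet of `len` bytes from `ip` through the hook into a
   game-sized buffer; returns what the game would see from recvfrom(). */
int simulate_packet(const char *ip, int len)
{
    char game_buf[MAX_SAFE_PACKET];
    peer_addr from;
    fake_ip  = ip;
    fake_len = len;
    install_recvfrom_hook(fake_original_recvfrom);
    return patched_recvfrom(game_buf, (int)sizeof game_buf, &from, NULL);
}

int main(void)
{
    simulate_packet("10.0.0.5", 64);          /* normal packet: passed through */
    simulate_packet("192.168.2.91", 4096);    /* oversized: logged and dropped */
    printf("blocked %d packet(s)\n", packets_blocked());
    return 0;
}
```

The scratch buffer is the important design choice: if the hook received straight into the game's buffer, Winsock would truncate the datagram and report WSAEMSGSIZE, and the hook would never learn the real size. Receiving into a 64 KB buffer (the largest a UDP datagram can be) lets it measure the packet first and hand the game only what fits. Returning -1 for a dropped packet is a simplification; what the real DLL returns to the game in that case is not described here.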