RSS   Vulnerabilities for 'First encounter assault recon'   RSS

2007-10-06
 
CVE-2007-5247

CWE-134
 

 
Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.

 

 >>> Vendor: Monolith productions 12 Products
Contract jack
No one lives forever 2
TRON
Alien versus predator
Blood
Global operations
Kiss psycho circus
Legends of might and magic
No one lives forever
Sanity
Shogo
First encounter assault recon


Copyright 2024, cxsecurity.com

 

Back to Top