Vulnerability CVE-2006-0771
Published: 2006-02-18   Modified: 2012-02-12

Description:
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

See advisories in our WLB2 database:
Topic
Author
Date
High
Soldier of Fortune II format string through PunkBuster 1.180
Luigi Auriemma
17.02.2006

Type:

CWE-134

 (Uncontrolled Format String)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Even balance -> Punkbuster 

 References:
http://aluigi.altervista.org/adv/sof2pbfs-adv.txt
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.html
http://securityreason.com/securityalert/448
http://www.securityfocus.com/archive/1/425286/100/0/threaded
http://www.securityfocus.com/bid/16703
https://exchange.xforce.ibmcloud.com/vulnerabilities/24792
Copyright 2024, cxsecurity.com

 

Back to Top