####################################################################### Luigi Auriemma Application: CellFactor Revolution http://www.cellfactorrevolution.com Versions: <= 1.03 Platforms: Windows Bugs: A] format string B] buffer-overflow Exploitation: remote, versus server Date: 07 Sep 2007 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bugs 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== CellFactor Revolution is a full freeware game realized for showing the power of the Ageia PhysX cards but it can be played on systems which don't have them. The game supports also multiplayer through LAN and direct IP. CellFactor is developed by Artificial Studios and uses their Reality Engine. ####################################################################### ======= 2) Bugs ======= ---------------- A] format string ---------------- A format string vulnerability is exploitable through malformed clients nicknames. ------------------ B] buffer-overflow ------------------ A buffer-overflow is exploitable through the message packets 0x21, 0x22 and 0x23. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/cellfucktor.zip ####################################################################### ====== 4) Fix ====== No fix. Seems that the game is no longer supported and the mail address bugs@artificialstudios.com is unexistent. #######################################################################