CellFactor Revolution Format String and Buffer Overflow

2007.09.14
Risk: High
Local: No
Remote: Yes
CWE: N/A

#######################################################################

                             Luigi Auriemma

Application:  CellFactor Revolution
              http://www.cellfactorrevolution.com
Versions:     <= 1.03
Platforms:    Windows
Bugs:         A] format string
              B] buffer-overflow
Exploitation: remote, versus server
Date:         07 Sep 2007
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

CellFactor Revolution is a full freeware game created to show the power
of the Ageia PhysX cards, but it can also be played on systems that
don't have them.
The game also supports multiplayer over LAN and direct IP.
CellFactor is developed by Artificial Studios and uses their Reality
Engine.

#######################################################################

=======
2) Bugs
=======

----------------
A] format string
----------------

A format string vulnerability is exploitable through malformed client
nicknames.

------------------
B] buffer-overflow
------------------

A buffer-overflow is exploitable through the message packets 0x21, 0x22
and 0x23.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/cellfucktor.zip

#######################################################################

======
4) Fix
======

No fix.
It seems that the game is no longer supported, and the mail address
bugs@artificialstudios.com does not exist.

#######################################################################

