Live for Speed Skin Name Buffer Overflow Vulnerability
BID:26066
Info
Live for Speed Skin Name Buffer Overflow Vulnerability
| Bugtraq ID: | 26066 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5464 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 13 2007 12:00AM |
| Updated: | Jan 02 2008 08:10PM |
| Credit: | Luigi Auriemma is credited with the discovery of this vulnerability. |
| Vulnerable: |
Live for Speed Live for Speed S2 Live for Speed Live for Speed S1 Live for Speed Live for Speed Demo Live for Speed Live for Speed 0.5X10 |
| Not Vulnerable: | |
Discussion
Live for Speed Skin Name Buffer Overflow Vulnerability
Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will allow remote attackers to compromise affected computers. Failed exploit attempts will likely cause denial-of-service conditions.
UPDATE (December 24, 2007): The recently released Y patch does not address this issue. Please see the references for more information.
Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will allow remote attackers to compromise affected computers. Failed exploit attempts will likely cause denial-of-service conditions.
UPDATE (December 24, 2007): The recently released Y patch does not address this issue. Please see the references for more information.
Exploit / POC
Live for Speed Skin Name Buffer Overflow Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Live for Speed Skin Name Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Live for Speed Skin Name Buffer Overflow Vulnerability
References:
References:
- Live for Speed Homepage (Live For Speed)
- Update: Clients buffer-overflow in Live for Speed 0.5X10 (Luigi Auriemma