Counter-Strike 1.6 Multiple Remote Vulnerabilities

Bugtraq ID:	26077
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Oct 15 2007 12:00AM
Updated:	Oct 15 2007 11:08PM
Credit:	Nemessis is credited with the discovery of these vulnerabilities.
Vulnerable:	CS Team Counter-Strike 1.6
Not Vulnerable:

Counter-Strike 1.6 Multiple Remote Vulnerabilities

Counter-Strike is prone to a multiple remote vulnerabilities, including multiple information-disclosure issues and a cross-site scripting issue.

An attacker can exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, and obtain sensitive information.

This issue affects Counter-Strike 1.6; other versions may also be affected.

Counter-Strike 1.6 Multiple Remote Vulnerabilities

An attacker can exploit these issues through a browser.

The following proof-of-concept URI for the cross-site scripting issue is available:

• /data/vulnerabilities/exploits/26077.html

Counter-Strike 1.6 Multiple Remote Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Counter-Strike 1.6 Multiple Remote Vulnerabilities

References:

• Counter-Strike 1.6 Product Download Page (CS Team)