5th street 'dx8render.dll' Format String Vulnerability
BID:29928
Info
5th street 'dx8render.dll' Format String Vulnerability
| Bugtraq ID: | 29928 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3116 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | Blue Moon Consulting, superkhung |
| Vulnerable: |
Suzhou Snail Electronic Co. 5th street 0 |
| Not Vulnerable: | |
Discussion
5th street 'dx8render.dll' Format String Vulnerability
The '5th street' game is prone to a format-string vulnerability.
Exploiting this issue will allow attackers to execute arbitrary code with the privileges of a user running the application. Failed attacks will likely cause denial-of-service conditions.
The '5th street' game is prone to a format-string vulnerability.
Exploiting this issue will allow attackers to execute arbitrary code with the privileges of a user running the application. Failed attacks will likely cause denial-of-service conditions.
Exploit / POC
5th street 'dx8render.dll' Format String Vulnerability
When the following chat message is sent, the game client of every connected user will crash:
%5000000.x
When the following chat message is sent, the game client of every connected user will crash:
%5000000.x
Solution / Fix
5th street 'dx8render.dll' Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
5th street 'dx8render.dll' Format String Vulnerability
References:
References:
- 5th street Homepage (Suzhou Snail Electronic Co.)
- [BMSA 2008-07] Format string vulnerability in 5th street (Nam Nguyen
)