EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
BID:9473
Info
EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9473 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-2099 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this vulnerability has been credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
EA Black Box Need for Speed Hot Pursuit 2 242.0 |
| Not Vulnerable: | |
Discussion
EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
Electronic Arts Black Box Need for Speed Hot Pursuit 2 game client has been reported prone to a remotely exploitable buffer overflow condition.
The issue presents itself in the client network connection routines, used by the client to negotiate a connection to a Need for Speed Hot Pursuit 2 game server. Due to a lack of sufficient bounds checking performed on certain parameters a malicious server may potentially corrupt sensitive process memory in the affected game client and ultimately execute arbitrary code with the privileges of the user who invoked the game.
Electronic Arts Black Box Need for Speed Hot Pursuit 2 game client has been reported prone to a remotely exploitable buffer overflow condition.
The issue presents itself in the client network connection routines, used by the client to negotiate a connection to a Need for Speed Hot Pursuit 2 game server. Due to a lack of sufficient bounds checking performed on certain parameters a malicious server may potentially corrupt sensitive process memory in the affected game client and ultimately execute arbitrary code with the privileges of the user who invoked the game.
Exploit / POC
EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
The following denial-of-service proof of concept has been supplied:
The following denial-of-service proof of concept has been supplied:
Solution / Fix
EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
References:
References:
- Need for Speed Hot Pursuit 2 Homepage (Electronic Arts)
- Need for Speed Hot pursuit 2 <= 242 client's buffer overflow (Luigi Auriemma
)