Freeform Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow Vulnerability
BID:9671
Info
Freeform Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9671 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0290 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
Freeform Interactive Purge Jihad 2.0.1 Freeform Interactive Purge 1.4.7 |
| Not Vulnerable: | |
Discussion
Freeform Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow Vulnerability
Freeform Interactive Purge and Purge Jihad game clients have been reported prone to a remotely exploitable buffer overflow condition.
The issue presents itself in the client network connection routines used by the client to negotiate a connection to a Purge/Purge Jihad game server. A malicious game server may exploit this condition to potentially corrupt sensitive process memory in the affected game client and ultimately execute arbitrary code with the privileges of the user who invoked the game.
Freeform Interactive Purge and Purge Jihad game clients have been reported prone to a remotely exploitable buffer overflow condition.
The issue presents itself in the client network connection routines used by the client to negotiate a connection to a Purge/Purge Jihad game server. A malicious game server may exploit this condition to potentially corrupt sensitive process memory in the affected game client and ultimately execute arbitrary code with the privileges of the user who invoked the game.
Exploit / POC
Freeform Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow Vulnerability
The following denial-of-service proof of concept has been supplied:
The following denial-of-service proof of concept has been supplied:
Solution / Fix
Freeform Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Freeform Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow Vulnerability
References:
References:
- Purge/Purge Jihad Homepage (Freeform Interactive)
- Broadcast client buffer-overflow in Purge Jihad <= 2.0.1 (Luigi Auriemma