Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0771

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-0771
Last Modified 05 Sep 2008 05:00:10
Published 18 Feb 2006 04:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0771

Summary

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

Vulnerable Systems

Application

  • Even Balance Punkbuster 1.180


References

XF - punkbuster-cvars-format-string(24792)

BID - 16703

BUGTRAQ - 20060216 Soldier of Fortune II format string through PunkBuster 1.180

SREASON - 448

SECUNIA - 18917

MISC - http://aluigi.altervista.org/adv/sof2pbfs-adv.txt


Last Updated: 27 May 2016 10:41:48