Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1127

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-1127
Last Modified 07 Mar 2011 10:05:59
Published 03 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-1127

Summary

Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.

Vulnerable Systems

Application

  • Crytek Crysis 1.1.1.5879


References

VUPEN - ADV-2008-0735

BID - 28039

MILW0RM - 5201

SECUNIA - 29155


Last Updated: 27 May 2016 10:47:02