Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6712

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6712
Last Modified 13 Apr 2009 12:00:00
Published 10 Apr 2009 06:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6712

Summary

The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.

Vulnerable Systems

Application

  • Ea Crysis 1.1

  • Ea Crysis 1.2

  • Ea Crysis 1.21


References

XF - crysis-httpxmlrpc-dos(43126)

BID - 29759

BUGTRAQ - 20080616 NULL pointer in the HTTP/XML-RPC service of Crysis 1.21

SECUNIA - 30675

OSVDB - 46261

FULLDISC - 20080618 NULL pointer in the HTTP/XML-RPC service of Crysis 1.21

MISC - http://aluigi.org/poc/dontcrysis.txt


Last Updated: 27 May 2016 10:49:18