CVE-2004-1500
Published: 2004-12-31
Priority: P4 · 11 · low · 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 1.88% (76.9th percentile)
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freeform_interactive | purge_jihad | — | — |
| monolith_productions | alien_versus_predator | — | — |
| monolith_productions | blood | — | — |
| monolith_productions | contract_jack | — | — |
| monolith_productions | first_encounter_assault_recon | <= 1.08 | — |
| monolith_productions | global_operations | — | — |
| monolith_productions | global_operations | — | — |
| monolith_productions | kiss_psycho_circus | — | — |
| monolith_productions | legends_of_might_and_magic | — | — |
| monolith_productions | no_one_lives_forever | — | — |
| monolith_productions | no_one_lives_forever | — | — |
| monolith_productions | sanity | — | — |
| monolith_productions | shogo | — | — |
| monolith_productions | tron | — | — |
GHSA
GHSA-9mw5-93p4-vpwg · CVE-2007-5247 [LOW] · CWE-134
ghsa_unreviewed · 2022-05-01 · CVSS 2.1
Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
GHSA
GHSA-fg42-fgq3-gwpm · CVE-2004-1500 [LOW]
ghsa_unreviewed · 2022-04-29
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
No detection rules found.
No writeups or analysis indexed.
References
- http://aluigi.altervista.org/adv/lithfs-adv.txt
- http://marc.info/?l=bugtraq&m=109969394601331&w=2
- http://secunia.com/advisories/13116/
- http://secunia.com/advisories/17317
- http://www.securityfocus.com/bid/11610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17972