CVE-2007-4257
Published 2007-08-08
Priority: P4 30 · Severity: medium · CVSS 2.0 base score: 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public exploit available (see the Exploit-DB entries below)
EPSS: 4.77% (90.8th percentile)
Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfs | live_for_speed | — | — |
| lfs | live_for_speed | — | — |
No detection rules found.
Exploit-DB: Live for Speed S1/S2/Demo - '.spr' Local Buffer Overflow (exploitdb, 2007-08-06)
---
/**
0day Live for Speed Patch X S2/S1 and Demo local .spr file buffer overflow
.spr files are also exploitable, although I had to go about it a different way. At first it wasn't possible to do a jmp esp, but with a little more buffer I managed to get it to point to our shellcode. The .spr files are single player replay files; the structure is totally different. This is why I wrote the second exploit, because you can't use the .mpr files. It's totally different to exploit this. Where in the .mpr file the buffer overflow was in the car name, this one is in the actual user name of the person in the race. The EIP was overwritten in a totally different place. Where the .mpr files go in the mpr folder, the .spr files have a totally different fold
Exploit-DB: Live for Speed S1/S2/Demo - '.ply' Local Buffer Overflow (exploitdb, 2007-08-06)
---
/**
0day Live for Speed Patch X S2/S1 and Demo local .ply file buffer overflow
The Live for Speed .ply file is a setup file. This file is shared amongst users who want stylish number plates on their cars. The buffer overflow happened with an overly long number plate string inside the .ply file. So to exploit this issue you have to get someone to put the .ply file inside their misc folder inside of LFS2. The buffer overflow happened when filling the number plate field with over 1000 bytes of buffer. ESP once again points straight into our buffer/shellcode. This is the 3rd buffer overflow I have come across in LFS2. If you're going to audit an application, do it properly and leave no stone unturned. This is a demonstration how we ca
No writeups or analysis indexed.
References:
- http://osvdb.org/46768
- http://osvdb.org/46769
- http://www.securityfocus.com/bid/25206
- http://www.securityfocus.com/bid/25208
- https://www.exploit-db.com/exploits/4262
- https://www.exploit-db.com/exploits/4263