CVE-2008-1127
Published 2008-03-03
Priority: P4 | 31 | medium
CVSS 2.0: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.99% (85.6th percentile)
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crytek | crysis | — | — |
No detection rules found.
Exploit-DB
Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)
exploitdb·2008-12-09
CVE-2008-5660 Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)
---
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Vinagre show_error() format string vulnerability
1. *Advisory Information*
Title: Vinagre show_error() format string vulnerability
Advisory ID: CORE-2008-1127
Advisory URL: http://www.coresecurity.com/content/vinagre-format-string
Date published: 2008-12-09
Date of last update: 2008-12-09
Vendors contacted: Vinagre team
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Format string
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 32682
CVE Name: N/A
3. *Vulnerability Description*
Vinagre [1] is a VNC client for the GNOME Desktop. A format string err
Exploit-DB
Crysis 1.1.1.5879 - Remote Format String Denial of Service (PoC)
exploitdb·2008-02-28
CVE-2008-1127 Crysis 1.1.1.5879 - Remote Format String Denial of Service (PoC)
---
The Crysis engine passes along internal debug strings through the game. One of them is passed to vsprintf() in the crt lib:
```
30503263 8D8C24 10100000 LEA ECX,DWORD PTR SS:[ESP+1010]
3050326A 51 PUSH ECX
3050326B 50 PUSH EAX
3050326C 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+8]
30503270 52 PUSH EDX
30503271 FF15 F8A17530 CALL DWORD PTR DS:[] ; MSVCR80.vsprintf
0032CAD8 30503277 w2P0 /CALL to vsprintf from cryactio.30503271
0032CADC 0032CAE8 èÊ2. |buffer = 0032CAE8
0032CAE0 0032DAF8 øÚ2. |format = "Pathfinding in animation graph failed (LONGPOKE%SAAAAAAAA) - no path from 'Parachute_Float_NW' to 'X_Combat_IdleAimingNull_NW'" ; Your name is passed in as part of the format. This is a nono...
0032CAE4 0032DAF8 øÚ2. \arglist
```
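The trace shows a player-chosen name arriving inside the `format` argument of `vsprintf()`. The two standard fixes for that pattern, as an added example (not Crytek's code and not part of the PoC): `debug_sink`, `log_path_failure` and `escape_percent` are hypothetical names, and the buffer sizes are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in (assumed name) for a debug sink that interprets fmt, as vsprintf() does. */
static int debug_sink(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);        /* bounded, unlike vsprintf() */
    va_end(ap);
    return (n >= 0 && (size_t)n < cap) ? n : -1; /* -1: error or truncated */
}

/* Fix 1: constant format; the player name travels only as a %s argument. */
int log_path_failure(char *out, size_t cap, const char *player)
{
    return debug_sink(out, cap, "Pathfinding in animation graph failed (%s)", player);
}

/* Fix 2, for sinks that accept only a ready-made format string: double every
   '%' in the untrusted text. Returns 0, or -1 if dst is too small. */
int escape_percent(char *dst, size_t cap, const char *src)
{
    size_t o = 0;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (o + need >= cap) return -1;          /* keep room for the NUL */
        if (*src == '%') dst[o++] = '%';
        dst[o++] = *src;
    }
    if (cap == 0) return -1;
    dst[o] = '\0';
    return 0;
}

int main(void)
{
    const char *name = "LONGPOKE%SAAAAAAAA";     /* name seen in the trace */
    char msg[128], esc[64], out[128];
    if (log_path_failure(msg, sizeof msg, name) >= 0) puts(msg);
    if (escape_percent(esc, sizeof esc, name) == 0 &&
        debug_sink(out, sizeof out, esc) >= 0)
        puts(out);                               /* prints the name verbatim */
    return 0;
}
```

Both paths emit the name byte for byte, so the `%S` in it is never treated as a conversion, and an undersized buffer is reported as an error rather than overrun.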
No writeups or analysis indexed.
- http://secunia.com/advisories/29155
- http://www.securityfocus.com/bid/28039
- http://www.vupen.com/english/advisories/2008/0735
- https://www.exploit-db.com/exploits/5201