cbcvebase.
CVE-2019-15943
published 2019-09-19

CVE-2019-15943: vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming…

PriorityP357high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
8.72%
94.5th percentile
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.

Affected

1 ranges
VendorProductVersion rangeFixed in
valvesoftwarecounter-strike< 1.37.1.11.37.1.1

Detection & IOCsextracted from sources · hover to see the quote

filenamemc.bsp
pathC:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo\maps
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47454.bsp
  • Monitor for unusual .bsp map files being loaded from the CS:GO maps directory, especially files with corrupted or anomalous class name values (e.g., containing '=' character at offset 0x115703).
  • Alert on SEH chain corruption crashes originating from vphysics.dll during map loading in CS:GO, as this is the exploitability indicator identified by msec.dll (!exploitable).
  • Detect execution of the 'map mc' console command or loading of maps named 'mc.bsp' in CS:GO, which corresponds to the PoC trigger.
  • Flag CS:GO clients running versions prior to 1.37.1.1 connecting to untrusted/community servers, as the attack vector requires the victim to join an attacker-controlled server with a crafted map.
  • ·The vulnerability is triggered during map load via a memset call in vphysics.dll; exploitation requires the victim to actively join an attacker-controlled server and load the crafted .bsp map — it is not a passive/drive-by vector.
  • ·The PoC .bsp file (47454.bsp / mc.bsp) is publicly available on ExploitDB's binary sploits repository, lowering the barrier for exploitation.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.