Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| GameSpy SDK Buffer Overflow May Let Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2004-12-14 by ReCall
Views: 413
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: Luigi Auriemma reported a buffer overflow vulnerability in the GameSpy SDK in the CD key validation. Games using the SDK may be affected.
It is reported that a remote user can send a specially crafted response to the target server. If the target server does not properly validate (limit) user-supplied input, then the remote user may be able to cause the target service to crash or potentially execute arbitary code. Depending on the game, the remote user may need to be authenticated to exploit this flaw.
A demonstration exploit for the Gore game (which uses the GameSpy SDK) is available at:
http://aluigi.altervista.org/poc/goregsbof.zip
Impact: A remote user may be able to cause the target service to crash or potentially execute arbitary code. The specific impact depends on the application that implements the affected SDK function.
Solution: The vendor issued a fix on November 19, 2004.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1202
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
