Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-5248

Published: 06/10/2007 Updated: 15/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Id Software

Vulnerability Summary

Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and previous versions, Quake 4 1.4.2 and previous versions, and Prey 1.3 and previous versions, when Punkbuster (PB) is enabled, allow remote malicious users to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.

Vulnerable Product Search on Vulmon Subscribe to Product

id software doom 3

id software quake 4

take2games prey

Exploits

Exploit DB: id Software Doom 3 Engine - Console String Visualization Format String
source: wwwsecurityfocuscom/bid/25893/info id Software Doom 3 engine is prone to a format-string vulnerability Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application Failed attacks will likely cause denial-of-service conditions Several games that use the Doom 3 engi ...

References

CWE-134http://aluigi.altervista.org/adv/d3engfspb-adv.txthttp://aluigi.org/poc/d3engfspb.ziphttp://www.securityfocus.com/bid/25893http://secunia.com/advisories/27002http://secunia.com/advisories/27023http://secunia.com/advisories/27036http://securityreason.com/securityalert/3196http://www.vupen.com/english/advisories/2007/3333https://exchange.xforce.ibmcloud.com/vulnerabilities/36899http://www.securityfocus.com/archive/1/481229/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/30630/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-35977CVE-2023-49335man-in-the-middleCVE-2024-4947CVE-2024-31714memory leakSQLCVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook