Warrior Kings和Warrior Kings: Battles远程格式串处理漏洞

Warrior Kings和Warrior Kings: Battles远程格式串处理漏洞

漏洞ID 1108802 漏洞类型 格式化字符串
发布时间 2005-05-23 更新时间 2005-10-20
图片[1]-Warrior Kings和Warrior Kings: Battles远程格式串处理漏洞-安全小百科CVE编号 CVE-2005-1702
图片[2]-Warrior Kings和Warrior Kings: Battles远程格式串处理漏洞-安全小百科CNNVD-ID CNNVD-200505-1167
漏洞平台 Multiple CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25691
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1167
|漏洞详情
WarriorKings:Battles是一款由BlackCactus开发的实时战略游戏。WarriorKings和WarriorKings:Battles中存在远程格式串漏洞,远程攻击者可能利用这个漏洞导致游戏服务器崩溃,或执行任意代码。起因是应用程序没有安全的执行格式化打印函数。攻击者可以通过畸形的昵称来利用这个漏洞,但如果服务器锁定了的话就无法利用这个漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/13711/info

Warrior Kings, and Warrior Kings: Battles are vulnerable to a remote format string vulnerability. This issue is due to a failure of the application to securely implement a formatting printing function.

This vulnerability allows remote attackers to crash affected game servers. Due to the nature of this vulnerability, it is also likely that attackers may cause arbitrary machine code to be executed in the context of the affected game server. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25691-1.zip

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25691-2.zip
|参考资料

来源:BID
名称:13711
链接:http://www.securityfocus.com/bid/13711
来源:MISC
链接:http://aluigi.altervista.org/adv/warkings-adv.txt
来源:SECTRACK
名称:1014041
链接:http://securitytracker.com/id?1014041
来源:SECTRACK
名称:1014040
链接:http://securitytracker.com/id?1014040
来源:SECUNIA
名称:15482
链接:http://secunia.com/advisories/15482
来源:BUGTRAQ
名称:20050523FormatstringandcrashinWarriorKings1.3andBattles1.23
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111686776303832&w;=2

相关推荐: Audiogalaxy Plaintext Password Storage Vulnerability

Audiogalaxy Plaintext Password Storage Vulnerability 漏洞ID 1102756 漏洞类型 Design Error 发布时间 2001-11-27 更新时间 2001-11-27 CVE编号 N/A CNNV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享