lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041114204458.7cce9b1a.aluigi@autistici.org> Date: Sun, 14 Nov 2004 20:44:58 +0000 From: Luigi Auriemma <aluigi@...istici.org> To: bugtraq@...urityfocus.com, bugs@...uritytracker.com, news@...uriteam.com, full-disclosure@...ts.netsys.com, vuln@...unia.com Subject: Format string bug in Army Men RTS ####################################################################### Luigi Auriemma Application: Army Men RTS http://www.3do.com/armymen/armymen/ Versions: 1.0 Platforms: Windows Bug: format string Exploitation: remote, versus server Date: 14 November 2004 Author: Luigi Auriemma e-mail: aluigi@...ervista.org web: http://aluigi.altervista.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== Army Men RTS is a real-time strategy game developed by Pandemic Studios (http://www.pandemicstudios.com) and released in March 2002. ####################################################################### ====== 2) Bug ====== The game server is affected by a format string bug in the name of the player that joins in it. ####################################################################### =========== 3) The Code =========== Join a server using the nickname %n%n%n, it will crash immediately. ####################################################################### ====== 4) Fix ====== No fix. The game is no longer supported. ####################################################################### --- Luigi Auriemma http://aluigi.altervista.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists