CVE-2004-1500

EPSS 1.9%

Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/24724unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.altervista.org/adv/lithfs-adv.txt http://marc.info/?l=bugtraq&m=109969394601331&w=2 http://secunia.com/advisories/13116/http://secunia.com/advisories/17317 https://exchange.xforce.ibmcloud.com/vulnerabilities/17972 http://www.securityfocus.com/bid/11610