Lucene search

[email protected]CVE-2008-1127

HistoryMar 03, 2008 - 11:44 p.m.

CVE-2008-1127

2008-03-0323:44:00

CWE-134

[email protected]

web.nvd.nist.gov

crysis

format string vulnerability

remote code execution

cve-2008-1127

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.

Affected configurations

NVD

Node

crytekcrysisMatch1.1.1.5879

CPENameOperatorVersion
crytek:crysiscrytek crysiseq1.1.1.5879

CPE	Name	Operator	Version
crytek:crysis	crytek crysis	eq	1.1.1.5879

References

secunia.com/advisories/29155

www.securityfocus.com/bid/28039

www.vupen.com/english/advisories/2008/0735

www.exploit-db.com/exploits/5201

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2008-1127

cvelist1 prion1 nvd1