Vavoom 1.24 p_thinker.cpp VThinker::BroadcastPrintf Function Multiple Field Remote Overflow

2007-08-24T00:00:00
ID EDB-ID:30528
Type exploitdb
Reporter Luigi Auriemma
Modified 2007-08-24T00:00:00

Description

Vavoom 1.24 p_thinker.cpp VThinker::BroadcastPrintf Function Multiple Field Remote Overflow. CVE-2007-4534. Dos exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/25436/info
  
Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.
  
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
  
Vavoom 1.24 is vulnerable; prior versions may also be affected. 

For the buffer-overflow vulnerability, the attacker opens the 'vavoom\basev\doom2\config.cfg' file, and adds the following lines:'alias bof "say aaa...(992_'a's)...aaa" name ''aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'' '