Valve Software Source Engine - Format String Vulnerability

ID EDB-ID:33172
Type exploitdb
Reporter Luigi Auriemma
Modified 2009-08-17T00:00:00


Valve Software Source Engine Format String Vulnerability. Remote exploit for windows platform


Source Engine is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Source Engine 3968 and prior builds are affected.