Vavoom 1.24 - sv_main.cpp Say Command Remote Format String

2007-08-24T00:00:00
ID EXPLOITPACK:C2FF6BAE210F1200F0031C0201C598A6
Type exploitpack
Reporter Luigi Auriemma
Modified 2007-08-24T00:00:00

Description

Vavoom 1.24 - sv_main.cpp Say Command Remote Format String

                                        
                                            source: https://www.securityfocus.com/bid/25436/info

Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Vavoom 1.24 is vulnerable; prior versions may also be affected. 

For the format-string vulnerability, an attacker sends a chat message containing '%n%n%n%n%s' string.