NULL pointer in World in Conflict 1.008

2008-06-25T00:00:00
ID SECURITYVULNS:DOC:20076
Type securityvulns
Reporter Securityvulns
Modified 2008-06-25T00:00:00

Description

                         Luigi Auriemma

Application:  World in Conflict
              http://www.worldinconflict.com
Versions:     <= 1.008
Platforms:    Windows
Bug:          NULL pointer
Exploitation: remote, versus server
Date:         22 Jun 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

1) Introduction
2) Bug
3) The Code
4) Fix

=============== 1) Introduction ===============

World in Conflict is an RTS game developed by Massive Entertainment (http://www.massive.se) and released in 2007.

====== 2) Bug ======

The WIC server can be easily crashed through an access violation caused by a NULL pointer, which results from receiving a data block of zero bytes on the main TCP game port (default 48000).
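The advisory does not describe the server's parsing code or wire format. The following added example (not from the advisory or the game) assumes a hypothetical 2-byte length-prefixed framing and hypothetical names (read_block, dispatch_block) to show how a zero-byte block can leave a payload pointer NULL, and how a receive path rejects it before the payload is touched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical framing (assumption, not the game's documented protocol):
 * 2-byte little-endian length, then that many payload bytes. */
enum { BLOCK_EMPTY = -1, BLOCK_TRUNCATED = -2, BLOCK_NOMEM = -3 };
struct block { uint8_t *data; size_t len; };

/* Extract one block from bytes already received; data stays NULL on error. */
int read_block(const uint8_t *stream, size_t avail, struct block *out)
{
    out->data = NULL; out->len = 0;
    if (avail < 2)
        return BLOCK_TRUNCATED;
    size_t len = (size_t)stream[0] | ((size_t)stream[1] << 8);
    if (len > avail - 2)
        return BLOCK_TRUNCATED;
    if (len == 0)
        return BLOCK_EMPTY;          /* zero-byte block: nothing to allocate */
    out->data = malloc(len);
    if (out->data == NULL)
        return BLOCK_NOMEM;
    memcpy(out->data, stream + 2, len);
    out->len = len;
    return 0;
}

/* Returns the first payload byte (a hypothetical opcode) or a negative status.
 * Reading b.data[0] without the status check is the NULL dereference. */
int dispatch_block(const uint8_t *stream, size_t avail)
{
    struct block b;
    int status = read_block(stream, avail, &b);
    if (status != 0)
        return status;               /* caller drops the block or connection */
    int opcode = b.data[0];
    free(b.data);
    return opcode;
}

int main(void)
{
    const uint8_t empty[] = { 0x00, 0x00 };   /* constructed zero-byte block */
    printf("zero-byte block -> %d\n", dispatch_block(empty, sizeof empty));
    return 0;
}
```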

=========== 3) The Code ===========

http://aluigi.org/poc/wicboom.zip

====== 4) Fix ======

No fix


Luigi Auriemma http://aluigi.org