Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Purge_jihad | Freeform_interactive | 2.2.1 (including) | 2.2.1 (including) |
| Alien_versus_predator | Monolith_productions | 2.1.0.9.6 (including) | 2.1.0.9.6 (including) |
| Blood | Monolith_productions | 2.2.1 (including) | 2.2.1 (including) |
| Contract_jack | Monolith_productions | 1.1 (including) | 1.1 (including) |
| Global_operations | Monolith_productions | 2.0 (including) | 2.0 (including) |
| Global_operations | Monolith_productions | 2.1 (including) | 2.1 (including) |
| Kiss_psycho_circus | Monolith_productions | 1.13 (including) | 1.13 (including) |
| Legends_of_might_and_magic | Monolith_productions | 1.1 (including) | 1.1 (including) |
| No_one_lives_forever | Monolith_productions | 1.0.004 (including) | 1.0.004 (including) |
| No_one_lives_forever | Monolith_productions | 2.1.3 (including) | 2.1.3 (including) |
| Sanity | Monolith_productions | 1.0 (including) | 1.0 (including) |
| Shogo | Monolith_productions | 2.2 (including) | 2.2 (including) |
| Tron | Monolith_productions | 2.0.1.42 (including) | 2.0.1.42 (including) |
References
- http://aluigi.altervista.org/adv/lithfs-adv.txt
- http://marc.info/?l=bugtraq\u0026m=109969394601331\u0026w=2
- http://secunia.com/advisories/13116/
- http://secunia.com/advisories/17317
- http://www.securityfocus.com/bid/11610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17972
- http://aluigi.altervista.org/adv/lithfs-adv.txt
- http://marc.info/?l=bugtraq\u0026m=109969394601331\u0026w=2
- http://secunia.com/advisories/13116/
- http://secunia.com/advisories/17317
- http://www.securityfocus.com/bid/11610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17972