Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 5th_street | Hanghai | * | * |
| High_street_5 | Hanghai | * | * |
| Hot_step | Hanghai | * | * |
Potential Mitigations
Related Attack Patterns
References
- http://securityreason.com/securityalert/3982
- http://www.securityfocus.com/archive/1/493649/100/0/threaded
- http://www.securityfocus.com/bid/29928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43370
- http://securityreason.com/securityalert/3982
- http://www.securityfocus.com/archive/1/493649/100/0/threaded
- http://www.securityfocus.com/bid/29928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43370