9.3

CVE-2007-5247

Exploit

EPSS 5.06%
Veröffentlicht 06.10.2007 17:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500.  NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Monolith Productions ≫ First Encounter Assault Recon Version <= 1.08

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.06%	0.887

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://aluigi.altervista.org/adv/fearfspb-adv.txt

Exploit

http://aluigi.org/poc/fearfspb.zip

Exploit

http://osvdb.org/45530

http://osvdb.org/45531

http://securityreason.com/securityalert/3197

http://www.securityfocus.com/archive/1/481231/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/36900

https://nvd.nist.gov/vuln/detail/CVE-2007-5247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5247

EUVD