ID CVE-2006-3789
Summary Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds index.
References
Vulnerable Configurations
  • cpe:2.3:a:ufo2000:ufo2000:*:*:*:*:*:*:*:*
    cpe:2.3:a:ufo2000:ufo2000:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19035
bugtraq 20060716 Multiple vulnerabilities in UFO2000 svn 1057
confirm http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log
gentoo GLSA-200702-10
misc http://aluigi.altervista.org/adv/ufo2ko-adv.txt
sectrack 1016503
secunia
  • 21091
  • 24297
sreason 1259
vupen ADV-2006-2837
xf ufo2000-data-code-execution(27802)
Last major update 17-10-2018 - 21:30
Published 24-07-2006 - 12:19
Last modified 17-10-2018 - 21:30
Back to Top