CVE-2006-2537 - Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.

CVE-2006-2537

Summary

Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.

References

Vulnerable Configurations

cpe:2.3:a:horizontal_shooter_bor:horizontal_shooter_bor:*:*:*:*:*:*:*:*
cpe:2.3:a:horizontal_shooter_bor:horizontal_shooter_bor:*:*:*:*:*:*:*:*
cpe:2.3:a:openbor:openbor:*:*:*:*:*:*:*:*
cpe:2.3:a:openbor:openbor:*:*:*:*:*:*:*:*
cpe:2.3:a:senile_team:beats_of_rage:*:*:*:*:*:*:*:*
cpe:2.3:a:senile_team:beats_of_rage:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	18088
misc	http://aluigi.altervista.org/adv/borfs-adv.txt
osvdb	25687
secunia	20173 20174 20181
vupen	ADV-2006-1901 ADV-2006-1902 ADV-2006-1903
xf	bor-mod-file-format-string(26582)

Last major update

20-07-2017 - 01:31

Published

22-05-2006 - 23:10

Last modified

20-07-2017 - 01:31