J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: 3DO Army Men Real Time Strategy Game Remote Format String Vulnerability

Severity: CRITICAL

Description:

3DO Army Men Real Time Strategy Game is a Windows based real-time strategy game. It supports a client/server model for distributed gaming.

Reportedly a remote format string vulnerability affects 3DO Army Men Real Time Strategy Game. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it in a formatted string function.

The problem presents itself when an attacker joins a game server remotely. Apparently the player name that is provided is used in a formatted string function prior to any sanitization. This would allow an attacker to provide a user name containing format string specifiers, which would be interpreted literally when the application attempts to display it, facilitating remote code execution.

An attacker may leverage this issue to crash the affected server and execute arbitrary code with the privileges of the user that activated the vulnerable game server.

Affected Products:

  • 3DO Army Men Real Time Strategy Game 1.0.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.