CVE-2007-5248

Published Oct 6, 2007

Last updated 6 years ago

Overview

Description: Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-134

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:id_software:doom_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD00B776-5B81-4550-9979-3AD874650EA4",
            "versionEndIncluding": "1.3.1"
          },
          {
            "criteria": "cpe:2.3:a:id_software:quake_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B6011A-2C94-4387-9C9E-EDABF01990E0",
            "versionEndIncluding": "1.4.2"
          },
          {
            "criteria": "cpe:2.3:a:take2games:prey:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F6E7FAB-21F9-4F77-9E50-7737A4F95051",
            "versionEndIncluding": "1.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References