Secunia Logo
 
Lithtech Engine Format String Vulnerabilities
Secunia Advisory: SA13116
Release Date: 2004-11-08
Last Update: 2005-02-21
Popularity: 6,056 views

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software:Lithtech engine

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2004-1500


Description:
Luigi Auriemma has reported some vulnerabilities in Lithtech engine, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to format string errors and can be exploited by e.g. sending a specially crafted message or nickname to a vulnerable server.

Successful exploitation allows execution of arbitrary code on the server.

Solution:
Grant only trusted users access to the game.

Provided and/or discovered by:
Luigi Auriemma

Changelog:
2005-02-21: Added CVE reference.

Original Advisory:
http://aluigi.altervista.org/adv/lithfs-adv.txt


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 124 views
2. Microsoft Office Communications Server SIP INVITE Denial of Service // 76 views
3. VLC Media Player Real Demuxer Integer Overflow Vulnerability // 70 views
4. Adobe Flash Player Multiple Security Issues and Vulnerabilities // 59 views
5. Lito Lite CMS "cid" SQL Injection Vulnerability // 34 views
6. Bluo CMS "id" SQL Injection Vulnerability // 34 views
7. Mozilla Firefox 3 Multiple Vulnerabilities // 34 views
8. Basic PHP CMS "id" SQL Injection Vulnerability // 29 views
9. BlackBerry Desktop Software FlexNET Connect ActiveX Control Vulnerability // 29 views
10. Microsoft XML Core Services Multiple Vulnerabilities // 29 views