Lucene search

MitreCVE-2009-3924

HistoryNov 10, 2009 - 2:30 a.m.

CVE-2009-3924

2009-11-1002:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-3924

buffer overflow

pbsv.dll

soldier of fortune ii

even balance punkbuster

denial of service

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet.

Affected configurations

Nvd

Node

raven_softwaresoldier_of_fortune_2

AND

punkbusterpunkbusterRange≤1.728

punkbusterpunkbusterMatch1.272

punkbusterpunkbusterMatch1.457

punkbusterpunkbusterMatch1.458

punkbusterpunkbusterMatch1.641

punkbusterpunkbusterMatch1.642

punkbusterpunkbusterMatch1.718

punkbusterpunkbusterMatch1.723

VendorProductVersionCPE
raven_softwaresoldier_of_fortune_2*cpe:2.3:a:raven_software:soldier_of_fortune_2:*:*:*:*:*:*:*:*
punkbusterpunkbuster*cpe:2.3:a:punkbuster:punkbuster:*:*:*:*:*:*:*:*
punkbusterpunkbuster1.272cpe:2.3:a:punkbuster:punkbuster:1.272:*:*:*:*:*:*:*
punkbusterpunkbuster1.457cpe:2.3:a:punkbuster:punkbuster:1.457:*:*:*:*:*:*:*
punkbusterpunkbuster1.458cpe:2.3:a:punkbuster:punkbuster:1.458:*:*:*:*:*:*:*
punkbusterpunkbuster1.641cpe:2.3:a:punkbuster:punkbuster:1.641:*:*:*:*:*:*:*
punkbusterpunkbuster1.642cpe:2.3:a:punkbuster:punkbuster:1.642:*:*:*:*:*:*:*
punkbusterpunkbuster1.718cpe:2.3:a:punkbuster:punkbuster:1.718:*:*:*:*:*:*:*
punkbusterpunkbuster1.723cpe:2.3:a:punkbuster:punkbuster:1.723:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
raven_software	soldier_of_fortune_2	*	cpe:2.3:a:raven_software:soldier_of_fortune_2::::::::
punkbuster	punkbuster	*	cpe:2.3:a:punkbuster:punkbuster::::::::
punkbuster	punkbuster	1.272	cpe:2.3:a:punkbuster:punkbuster:1.272:::::::*
punkbuster	punkbuster	1.457	cpe:2.3:a:punkbuster:punkbuster:1.457:::::::*
punkbuster	punkbuster	1.458	cpe:2.3:a:punkbuster:punkbuster:1.458:::::::*
punkbuster	punkbuster	1.641	cpe:2.3:a:punkbuster:punkbuster:1.641:::::::*
punkbuster	punkbuster	1.642	cpe:2.3:a:punkbuster:punkbuster:1.642:::::::*
punkbuster	punkbuster	1.718	cpe:2.3:a:punkbuster:punkbuster:1.718:::::::*
punkbuster	punkbuster	1.723	cpe:2.3:a:punkbuster:punkbuster:1.723:::::::*

References

aluigi.altervista.org/adv/sof2pbbof-adv.txt

aluigi.org/poc/sof2pbbof.zip

secunia.com/advisories/36221

exchange.xforce.ibmcloud.com/vulnerabilities/52400

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

Related for CVE-2009-3924