Lucene search

[email protected]NVD:CVE-2009-3924

HistoryNov 10, 2009 - 2:30 a.m.

CVE-2009-3924

2009-11-1002:30:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet.

Affected configurations

Nvd

Node

raven_softwaresoldier_of_fortune_2

AND

punkbusterpunkbusterRange≤1.728

punkbusterpunkbusterMatch1.272

punkbusterpunkbusterMatch1.457

punkbusterpunkbusterMatch1.458

punkbusterpunkbusterMatch1.641

punkbusterpunkbusterMatch1.642

punkbusterpunkbusterMatch1.718

punkbusterpunkbusterMatch1.723

VendorProductVersionCPE
raven_softwaresoldier_of_fortune_2*cpe:2.3:a:raven_software:soldier_of_fortune_2:*:*:*:*:*:*:*:*
punkbusterpunkbuster*cpe:2.3:a:punkbuster:punkbuster:*:*:*:*:*:*:*:*
punkbusterpunkbuster1.272cpe:2.3:a:punkbuster:punkbuster:1.272:*:*:*:*:*:*:*
punkbusterpunkbuster1.457cpe:2.3:a:punkbuster:punkbuster:1.457:*:*:*:*:*:*:*
punkbusterpunkbuster1.458cpe:2.3:a:punkbuster:punkbuster:1.458:*:*:*:*:*:*:*
punkbusterpunkbuster1.641cpe:2.3:a:punkbuster:punkbuster:1.641:*:*:*:*:*:*:*
punkbusterpunkbuster1.642cpe:2.3:a:punkbuster:punkbuster:1.642:*:*:*:*:*:*:*
punkbusterpunkbuster1.718cpe:2.3:a:punkbuster:punkbuster:1.718:*:*:*:*:*:*:*
punkbusterpunkbuster1.723cpe:2.3:a:punkbuster:punkbuster:1.723:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
raven_software	soldier_of_fortune_2	*	cpe:2.3:a:raven_software:soldier_of_fortune_2::::::::
punkbuster	punkbuster	*	cpe:2.3:a:punkbuster:punkbuster::::::::
punkbuster	punkbuster	1.272	cpe:2.3:a:punkbuster:punkbuster:1.272:::::::*
punkbuster	punkbuster	1.457	cpe:2.3:a:punkbuster:punkbuster:1.457:::::::*
punkbuster	punkbuster	1.458	cpe:2.3:a:punkbuster:punkbuster:1.458:::::::*
punkbuster	punkbuster	1.641	cpe:2.3:a:punkbuster:punkbuster:1.641:::::::*
punkbuster	punkbuster	1.642	cpe:2.3:a:punkbuster:punkbuster:1.642:::::::*
punkbuster	punkbuster	1.718	cpe:2.3:a:punkbuster:punkbuster:1.718:::::::*
punkbuster	punkbuster	1.723	cpe:2.3:a:punkbuster:punkbuster:1.723:::::::*

References

aluigi.altervista.org/adv/sof2pbbof-adv.txt

aluigi.org/poc/sof2pbbof.zip

secunia.com/advisories/36221

exchange.xforce.ibmcloud.com/vulnerabilities/52400

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

Related for NVD:CVE-2009-3924

cvelist1 cve1 prion1