Vulnerability Details : CVE-2009-2548
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2009-2548
- cpe:2.3:a:bistudio:arma:*:*:*:*:*:*:*:*
- cpe:2.3:a:bistudio:arma:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:bistudio:arma_2:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2548
0.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2548
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2009-2548
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2548
-
http://www.vupen.com/english/advisories/2009/1951
Vendor Advisory
-
http://aluigi.altervista.org/adv/armazzofs-adv.txt
Exploit
Jump to