CVE-2008-3116

Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/3982
http://www.securityfocus.com/archive/1/493649/100/0/threaded
http://www.securityfocus.com/bid/29928
https://exchange.xforce.ibmcloud.com/vulnerabilities/43370

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hanghai:5th_street::::::::
	cpe:2.3:a:hanghai:high_street_5::::::::
	cpe:2.3:a:hanghai:hot_step::::::::

History

No history.

Information

Published : 2008-07-10 17:41

Updated : 2024-02-28 11:21

NVD link : CVE-2008-3116

Mitre link : CVE-2008-3116

CVE.ORG link : CVE-2008-3116

JSON object : View

Products Affected

hanghai

high_street_5
5th_street
hot_step

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2008-3116", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-07-10T17:41:00.000", "references": [{"url": "http://securityreason.com/securityalert/3982", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/493649/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29928", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43370", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message."}, {"lang": "es", "value": "Vulnerabilidad de formato de cadena en dx8render.dll de Snail Game (tambi\u00e9n conocido como Suzhou Snail Electronic Company) 5th street (tambi\u00e9n conocido como Hot Step or High Street 5), permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de especificadores de formato de cadena en un mensaje chat."}], "lastModified": "2018-10-11T20:46:59.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hanghai:5th_street:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AB46B0E-9E22-415D-8A9D-8371A9410B79"}, {"criteria": "cpe:2.3:a:hanghai:high_street_5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "480E2ABF-E794-4500-9EFC-111E09E5AEC7"}, {"criteria": "cpe:2.3:a:hanghai:hot_step:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDB88C39-3A20-4A9E-863C-EBA4F9661DA4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}