[Full-Disclosure] Re: Format string bug in Army Men RTS

Manowar manowar at dnt.ro
Mon Nov 15 18:20:20 GMT 2004 

i don't suppose you noticed 3do has been gone from the gaming scene for 
years, did you?
should we expect any buffer overflow in wolf3d/spear of destiny any time 
soon?
have a nice day.

----- Original Message ----- 
From: "Luigi Auriemma" <aluigi at autistici.org>
To: <bugtraq at securityfocus.com>; <bugs at securitytracker.com>; 
<news at securiteam.com>; <full-disclosure at lists.netsys.com>; 
<vuln at secunia.com>
Sent: Sunday, November 14, 2004 10:44 PM
Subject: Format string bug in Army Men RTS


>
> #######################################################################
>
>                             Luigi Auriemma
>
> Application:  Army Men RTS
>              http://www.3do.com/armymen/armymen/
> Versions:     1.0
> Platforms:    Windows
> Bug:          format string
> Exploitation: remote, versus server
> Date:         14 November 2004
> Author:       Luigi Auriemma
>              e-mail: aluigi at altervista.org
>              web:    http://aluigi.altervista.org
>
>
> #######################################################################
>
>
> 1) Introduction
> 2) Bug
> 3) The Code
> 4) Fix
>
>
> #######################################################################
>
> ===============
> 1) Introduction
> ===============
>
>
> Army Men RTS is a real-time strategy game developed by Pandemic Studios
> (http://www.pandemicstudios.com) and released in March 2002.
>
>
> #######################################################################
>
> ======
> 2) Bug
> ======
>
>
> The game server is affected by a format string bug in the name of the
> player that joins in it.
>
>
> #######################################################################
>
> ===========
> 3) The Code
> ===========
>
>
> Join a server using the nickname %n%n%n, it will crash immediately.
>
>
> #######################################################################
>
> ======
> 4) Fix
> ======
>
>
> No fix.
> The game is no longer supported.
>
>
> #######################################################################
>
>
> --- 
> Luigi Auriemma
> http://aluigi.altervista.org
>
>

Full-Disclosure is hosted and sponsored by Secunia.