Ads Quake 2 Server Format String (Lithium II) Saturday, 10 September 2005 Summary "Lithium II is a very configurable server-side deathmatch modification for Quake II." By crafting a special nick name it is possible to cause a format string attack under Quake 2 Lithium. Credit: The information has been provided by sinNULL. Details Vulnerable Systems: * Quake 2 Lithium II version 1.2 Quake 2 Lithium does not not filter the nick name that users selects for themselves. Creating a nick name such as %999f%f%f%f%f allow real number to overflow their range and cause a carry flag. The format string is entered to the stuck as following: 004144A1 |. 68 E821AF00 PUSH QUAKE2.00AF21E8 ; ASCII "0.000000 0.000000 0.000000" The format string takes place when a user is been killed, and the server caused an invalid page fault in module at 0000:3030302e.   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.