CVE-2005-3486

Scorched 3D <39.1 - RCE

Title source: llm

Description

Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.

Exploits (1)

exploitdb WORKING POC

cdoswindows

https://www.exploit-db.com/exploits/1285

View on exploitdb

References (6)

[Exploit, Vendor Advisory] http://aluigi.altervista.org/adv/scorchbugs-adv.txt

[Mailing List] http://marc.info/?l=full-disclosure&m=113095941031946&w=2

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200511-12.xml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15292

[Third Party Advisory] http://secunia.com/advisories/17423

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2288

Scores

EPSS 0.1412

EPSS Percentile 94.2%

Classification

Status draft

Affected Products (1)

scorched_3d/scorched_3d

Timeline

Published Nov 03, 2005

Tracked Since Feb 18, 2026