CVE-2006-0771
PunkBuster < 1.180 - Remote Code Execution via Format String Specifiers in Invalid Cvar Values
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.
References (7)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18917
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/sof2pbfs-adv.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425286/100/0/threaded
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/448
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16703
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24792
Scores
EPSS
0.0306
EPSS Percentile
85.9%
Details
CWE
CWE-134
Status
published
Products (1)
even_balance/punkbuster
< 1.180
Published
Feb 18, 2006
Tracked Since
Feb 18, 2026