CVE-2006-3400

Quake 3 Engine - Stack-Based Buffer Overflow in CG_ServerCommand

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3400. PoCs published by RunningBon.

AI-analyzed exploit summary This exploit targets a stack overflow in the Quake 3 Engine's CG_ServerCommand() function. It uses a DLL injection technique with Microsoft Detours to hook the SV_SendServerCommand function and trigger the overflow with a crafted payload.

Description

Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RunningBon · c++doswindows

https://www.exploit-db.com/exploits/1976

View Code ZIP pw:eip

This exploit targets a stack overflow in the Quake 3 Engine's CG_ServerCommand() function. It uses a DLL injection technique with Microsoft Detours to hook the SV_SendServerCommand function and trigger the overflow with a crafted payload.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SOF2MP GOLD V1.03

No auth needed

Prerequisites: Microsoft Detours library · Access to inject DLL into the server process

MITRE ATT&CK