CVE-2007-1251
Netrek Vanilla Server 2.12.0 - Remote Code Execution via Format String in Warning Message
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-1251. PoCs published by Luigi Auriemma.
AI-analyzed exploit summary
The writeup describes a format string vulnerability in Netrek Vanilla server <= 2.12.0, exploitable via a malformed nickname when EVENTLOG is enabled. The bug is in the new_warning() function due to improper use of pmessage2().
Description
Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.
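The bug class named in the description, shown as an added example that is not Netrek source code: a printf-style logging helper called with untrusted text as its format argument, beside the corrected call that uses a constant format. The helper `log_event`, the wrappers `warn_unsafe` and `warn_safe`, and the sample nickname text are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style event logger; a stand-in, not Netrek's pmessage2(). */
static int log_event(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Flawed pattern: text that embeds a player-chosen nickname becomes the format. */
static void warn_unsafe(char *out, size_t n, const char *text)
{
    log_event(out, n, text);
}

/* Corrected pattern: constant format string, untrusted text passed as data. */
static void warn_safe(char *out, size_t n, const char *text)
{
    log_event(out, n, "%s", text);
}

/* Returns 1 when the logged line equals the input text byte for byte. */
static int logged_verbatim(void (*warn)(char *, size_t, const char *),
                           const char *text)
{
    char out[128];
    warn(out, sizeof out, text);
    return strcmp(out, text) == 0;
}

int main(void)
{
    /* Constructed sample. "%%" is the one directive that reads no argument,
       so the flawed path can be exercised without undefined behaviour. */
    const char *text = "Cap%%tain is now observing";
    printf("unsafe verbatim: %d\n", logged_verbatim(warn_unsafe, text));
    printf("safe verbatim:   %d\n", logged_verbatim(warn_safe, text));
    return 0;
}
```

GCC and Clang report the flawed call with `-Wformat -Wformat-security` once the logger is declared with the `format(printf, ...)` attribute.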