CVE-2007-4257

Live for Speed S1 and S2 - Buffer Overflow via Long User Name or Number Plate String


Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4257. PoCs published by n00b.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in Live for Speed S2 (0.5X9) via a maliciously crafted .spr (replay) file. The exploit overwrites the EIP with a JMP ESP instruction and includes shellcode to achieve remote code execution.

Description

Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.

Exploits (2)

exploitdb WORKING POC VERIFIED
by n00b · c++ · local · windows
https://www.exploit-db.com/exploits/4263

This exploit demonstrates a buffer overflow vulnerability in Live for Speed S2 (0.5X9) via a maliciously crafted .spr (replay) file. The exploit overwrites the EIP with a JMP ESP instruction and includes shellcode to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Live for Speed S2 ALPHA PATCH 0.5X
No auth needed
Prerequisites: Victim must open the malicious .spr file in Live for Speed S2
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by n00b · c++ · local · windows
https://www.exploit-db.com/exploits/4262

This exploit demonstrates a buffer overflow vulnerability in Live for Speed S2 by crafting a malicious .ply file with an overly long number plate string. The exploit includes shellcode and leverages a JMP ESP instruction to achieve remote code execution when the victim loads the file.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Live for Speed S2 ALPHA PATCH 0.5X
No auth needed
Prerequisites: Victim must load the malicious .ply file into the game's misc folder · Knowledge of the victim's username to name the file appropriately
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25206
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/46769
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/46768
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4263
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4262
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25208

Scores

EPSS 0.3313
EPSS Percentile 97.0%

Details

Status published
Products (2)
lfs/live_for_speed sp1
lfs/live_for_speed sp2
Published Aug 08, 2007
Tracked Since Feb 18, 2026