CVE-2008-3116

Snail Game 5th Street - Remote Code Execution via Chat Message Format String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3116. PoCs published by superkhung.

AI-analyzed exploit summary The exploit describes a format-string vulnerability in the '5th street' game. Sending a specific chat message (%5000000.x) causes a crash in the game client of connected users, potentially leading to arbitrary code execution or denial-of-service.

Description

Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by superkhung · textdoswindows
https://www.exploit-db.com/exploits/31964

The exploit describes a format-string vulnerability in the '5th street' game. Sending a specific chat message (%5000000.x) causes a crash in the game client of connected users, potentially leading to arbitrary code execution or denial-of-service.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: 5th street game (version unspecified)
No auth needed
Prerequisites: Network access to the game server · Ability to send chat messages
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43370
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493649/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3982
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29928

Scores

EPSS 0.0554
EPSS Percentile 90.4%

Details

CWE
CWE-134
Status published
Products (3)
hanghai/5th_street
hanghai/high_street_5
hanghai/hot_step
Published Jul 10, 2008
Tracked Since Feb 18, 2026