CVE-2008-7170

GSC build 2067 and earlier - Unauthenticated Remote Code Execution via Crafted Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7170. PoCs published by Michael Gray.

AI-analyzed exploit summary The exploit describes a privilege-escalation vulnerability in GSC Client due to insufficient validation of administrator credentials. It provides a specific command format for unauthorized administrative actions like kicking users from a channel.

Description

GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.

Exploits (1)

exploitdb WRITEUP
by Michael Gray · textremotemultiple
https://www.exploit-db.com/exploits/31912

The exploit describes a privilege-escalation vulnerability in GSC Client due to insufficient validation of administrator credentials. It provides a specific command format for unauthorized administrative actions like kicking users from a channel.

Classification
Writeup 80%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: GSC Client 1.00 2067
No auth needed
Prerequisites: Access to the GSC Client interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29718
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43120
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493355/100/0/threaded

Scores

EPSS 0.0437
EPSS Percentile 89.1%

Details

CWE
CWE-264
Status published
Products (1)
gameservers/gsc 1.00
Published Sep 08, 2009
Tracked Since Feb 18, 2026