CVE-2019-15943

HIGH

Counter-Strike: Global Offensive <1.37.1.1 - RCE/DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15943. PoCs published by bi7s.

AI-analyzed exploit summary The writeup describes a memory corruption vulnerability in Counter-Strike Global Offensive (vphysics.dll) before 1.37.1.1, where a crafted map can trigger an exploitable crash. The PoC involves modifying a specific offset in a map file to corrupt the SEH chain, potentially leading to remote code execution.

Description

vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.

Exploits (1)

exploitdb WRITEUP
by bi7s · doswindows
https://www.exploit-db.com/exploits/47454

The writeup describes a memory corruption vulnerability in Counter-Strike Global Offensive (vphysics.dll) before 1.37.1.1, where a crafted map can trigger an exploitable crash. The PoC involves modifying a specific offset in a map file to corrupt the SEH chain, potentially leading to remote code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Counter-Strike Global Offensive (vphysics.dll) before 1.37.1.1
No auth needed
Prerequisites: Access to a gaming server · Victim must join the server · Crafted map file (mc.bsp) placed in the correct directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0872
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
valvesoftware/counter-strike\ < 1.37.1.1
Published Sep 19, 2019
Tracked Since Feb 18, 2026