Vulnerability Description
Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scorched 3D | Scorched 3D | 39.1 |
References
- http://aluigi.altervista.org/adv/scorchbugs-adv.txtExploitVendor Advisory
- http://marc.info/?l=full-disclosure&m=113095941031946&w=2
- http://secunia.com/advisories/17423
- http://www.gentoo.org/security/en/glsa/glsa-200511-12.xml
- http://www.osvdb.org/20468
- http://www.osvdb.org/20469
- http://www.securityfocus.com/bid/15292
- http://www.vupen.com/english/advisories/2005/2288
- http://aluigi.altervista.org/adv/scorchbugs-adv.txtExploitVendor Advisory
- http://marc.info/?l=full-disclosure&m=113095941031946&w=2
- http://secunia.com/advisories/17423
- http://www.gentoo.org/security/en/glsa/glsa-200511-12.xml
- http://www.osvdb.org/20468
- http://www.osvdb.org/20469
- http://www.securityfocus.com/bid/15292
FAQ
What is CVE-2005-3487?
CVE-2005-3487 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serv...
How severe is CVE-2005-3487?
CVE-2005-3487 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3487?
Check the references section above for vendor advisories and patch information. Affected products include: Scorched 3D Scorched 3D.