Vulnerability Description
Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horizontal Shooter Bor | Horizontal Shooter Bor | <= 2.0000 |
| Openbor | Openbor | <= 2.0046 |
| Senile Team | Beats Of Rage | <= 1.0029 |
References
- http://aluigi.altervista.org/adv/borfs-adv.txt (Exploit, Vendor Advisory)
- http://secunia.com/advisories/20173 (Vendor Advisory)
- http://secunia.com/advisories/20174 (Vendor Advisory)
- http://secunia.com/advisories/20181 (Vendor Advisory)
- http://www.osvdb.org/25687
- http://www.securityfocus.com/bid/18088
- http://www.vupen.com/english/advisories/2006/1901
- http://www.vupen.com/english/advisories/2006/1902
- http://www.vupen.com/english/advisories/2006/1903
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26582
FAQ
What is CVE-2006-2537?
CVE-2006-2537 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to ...
How severe is CVE-2006-2537?
CVE-2006-2537 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2537?
Check the references section above for vendor advisories and patch information. Affected products include: Horizontal Shooter Bor Horizontal Shooter Bor, Openbor Openbor, Senile Team Beats Of Rage.