vendor:
Live for Speed (LFS)
by:
n00b
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Live for Speed (LFS)
Affected Version From: Live for Speed (LFS) versions S2, S1, and the demo version
Affected Version To: Live for Speed (LFS) versions S2, S1, and the demo version
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Platforms Tested: Windows
Not specified
0day Live for speed patch x s2 /s1 and demo local .mpr buffer over flow
A local buffer overflow vulnerability exists in Live for Speed (LFS) racing simulator. The vulnerability can be exploited by tricking a user into opening a specially crafted .mpr file, allowing an attacker to execute arbitrary shell code on the victim's computer. The buffer overflow is caused by a flaw in the car name field of the .mpr file. By manipulating the car name, an attacker can perform a jump or call to the ESP register, allowing for code execution. The vulnerability affects LFS versions S2, S1, and the demo version.
Mitigation:
The vendor has not provided a patch for this vulnerability. Users are advised to exercise caution when opening .mpr files from untrusted sources. Avoid opening .mpr files from unknown or suspicious sources.
