Buffer-Overflow Vulnerability in Live for Speed

vendor:

Live for Speed

by:

Unknown

7.5

CVSS

HIGH

Buffer-Overflow

119

CWE

Product Name: Live for Speed

Affected Version From: Not specified

Affected Version To: Not specified

Patch Exists: NO

Related CWE: Not specified

CPE: Not specified

Metasploit:

Other Scripts:

Platforms Tested: Not specified

2007

Buffer-Overflow Vulnerability in Live for Speed

The Live for Speed application is vulnerable to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successful exploitation of this vulnerability can lead to remote attackers compromising affected computers. Failed exploit attempts may cause denial-of-service conditions.

Mitigation:

No specific mitigation or remediation steps provided in the source

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26066/info

Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will allow remote attackers to compromise affected computers. Failed exploit attempts will likely cause denial-of-service conditions.

UPDATE (December 24, 2007): The recently released Y patch does not address this issue. Please see the references for more information. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30672.zip