header-logo
Suggest Exploit
vendor:
Colin McRae Rally 2004
by:
Unknown
5.5
CVSS
MEDIUM
Server response manipulation
20
CWE
Product Name: Colin McRae Rally 2004
Affected Version From: Colin McRae Rally 2004
Affected Version To: Colin McRae Rally 2004
Patch Exists: NO
Related CWE:
CPE: a:colin_mcrae:rally_2004
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

Flaw handling server responses in Colin McRae Rally 2004

Colin McRae Rally 2004 has a flaw in handling server responses when entering the multiplayer menu. An attacker can mimic a server and send an invalid response to crash the client game, denying service to legitimate users.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10464/info

It is reported that Colin McRae Rally 2004 has a flaw handling server responses when entering the multiplayer menu of the game.

When entering the multiplayer menu, the game client sends a broadcast message requesting information from all servers on the local network. It is reported that an attacker is able to mimic a server and respond to these broadcast requests with an invalid response, causing a crash of the client game.

An attacker running a malicious server process could block all multiplayer access in a local network, denying service to all legitimate users. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24170.zip