CVE-2006-2537 Information
Description
Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.
Reference
http://aluigi.altervista.org/adv/borfs-adv.txt
http://secunia.com/advisories/20173
http://secunia.com/advisories/20174
http://secunia.com/advisories/20181
http://www.osvdb.org/25687
http://www.securityfocus.com/bid/18088
http://www.vupen.com/english/advisories/2006/1901
http://www.vupen.com/english/advisories/2006/1902
http://www.vupen.com/english/advisories/2006/1903
https://exchange.xforce.ibmcloud.com/vulnerabilities/26582