CVE-2007-4446 Information

Description

Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.

Reference

http://aluigi.org/poc/toribashish.zip http://secunia.com/advisories/26507 http://securityreason.com/securityalert/3033 http://www.securityfocus.com/archive/1/477025/100/0/threaded http://www.securityfocus.com/bid/25359