CVE-2009-2548 Information

Description

Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier and 1.16 beta and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request which is not properly handled when logging an error message.

Reference

http://aluigi.altervista.org/adv/armazzofs-adv.txt http://www.vupen.com/english/advisories/2009/1951