CVE-2006-3789

Name of the Vulnerable Software and Affected Versions UFO2000 version prior to svn 1058

Description The issue is related to multiple array index errors in certain functions within the multiplay.cpp file. Specifically, the errors occur in the recv rules, recv select unit, recv options, and recv unit data functions. These errors can be exploited by remote attackers to execute arbitrary code and cause a denial of service, resulting in an opponent crash. This can be achieved by sending certain packet data that specifies an out-of-bounds index.

Recommendations For UFO2000 version prior to svn 1058, update to a version later than svn 1057 to resolve the issue. As a temporary workaround, consider restricting access to the multiplay functionality until a patch is available.