CVE-2007-5247

Name of the Vulnerable Software and Affected Versions: Monolith Lithtech engine versions 1.08 and earlier

Description: The issue concerns multiple format string vulnerabilities in the Monolith Lithtech engine. These vulnerabilities can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in a daemon crash. The exploitation can occur through format string specifiers in specific packets, including a PB Y packet to the YPG server on UDP port 27888 or a PB U packet to UCON on UDP port 27888.

Recommendations: For Monolith Lithtech engine versions 1.08 and earlier, consider disabling Punkbuster (PB) until a patch is available to prevent exploitation. Additionally, restrict access to the YPG server on UDP port 27888 and UCON on UDP port 27888 to minimize the risk of exploitation.