CVE-2008-1127

Name of the Vulnerable Software and Affected Versions Crysis version 1.1.1.5879

Description The issue allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed. This occurs due to a format string vulnerability in the cryactio function.

Recommendations For Crysis version 1.1.1.5879, as a temporary workaround, consider restricting the use of format string specifiers in the user name to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.