CVE-2009-2548

Name of the Vulnerable Software and Affected Versions Armed Assault versions 1.14 and earlier Armed Assault version 1.16 beta Armed Assault II versions 1.02 and earlier

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the nickname and datafile fields in a join request. This occurs because the fields are not properly handled when logging an error message.

Recommendations For Armed Assault versions 1.14 and earlier, consider restricting access to the join request functionality until a fix is available. For Armed Assault version 1.16 beta, avoid using the nickname and datafile fields in join requests until the issue is resolved. For Armed Assault II versions 1.02 and earlier, restrict the use of the vulnerable fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.