1250

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

rfactor

NVD

Published: 2007-08-21

Updated: 2018-10-15

Summary

Image Space rFactor 1.250 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) an ID 0x30 packet, (2) an ID 0x38 packet, and an invalid 13-bit integer in (3) an ID 0x60 packet and (4) an ID 0x68 packet; and a denial of service (UDP port block) via (5) an ID 0x20 packet and (6) an ID 0x28 packet.

Vulnerable Configurations

Part	Description	Count
Application	Rfactor Rfactor Rfactor 1150 Rfactor Rfactor 1250	2

References

http://aluigi.org/poc/rfactorx.zip
http://forum.racesimcentral.com/showthread.php?t=298659
http://secunia.com/advisories/26526
http://securityreason.com/securityalert/3037
http://www.rfactor.net/?page=news_09-26_1255
http://www.securityfocus.com/archive/1/477023/100/0/threaded
http://www.securityfocus.com/archive/1/480591/100/200/threaded
http://www.securityfocus.com/archive/1/480921/100/200/threaded
http://www.securityfocus.com/bid/25358
https://exchange.xforce.ibmcloud.com/vulnerabilities/36094
https://exchange.xforce.ibmcloud.com/vulnerabilities/36095