FKIE_CVE-2007-5250

Vulnerability from fkie_nvd - Published: 2007-10-06 17:17 - Updated: 2026-04-23 00:35
Severity ?
Summary
The Windows dedicated server for the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allows remote attackers to cause a denial of service (server hang) via packets containing 0x07 characters or other unspecified invalid characters. NOTE: this issue may overlap CVE-2007-4443. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
References
cve@mitre.orghttp://aluigi.altervista.org/adv/aaboompb-adv.txtExploit
cve@mitre.orghttp://aluigi.org/poc/aaboompb.zipExploit
cve@mitre.orghttp://secunia.com/advisories/27015
cve@mitre.orghttp://securityreason.com/securityalert/3193
cve@mitre.orghttp://www.securityfocus.com/archive/1/481227/100/0/threaded
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/36898
af854a3a-2127-422b-91ae-364da2661108http://aluigi.altervista.org/adv/aaboompb-adv.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://aluigi.org/poc/aaboompb.zipExploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27015
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3193
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/481227/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36898
Impacted products
Vendor Product Version
americasarmy america\'s_army *
americasarmy america\'s_army_special_forces *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:americasarmy:america\\\u0027s_army:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A9CF443-569C-4B00-9727-28B9F8596712",
              "versionEndIncluding": "2.8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:americasarmy:america\\\u0027s_army_special_forces:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "211C4D46-83C1-4FBE-88B8-A5F113BAA6A9",
              "versionEndIncluding": "2.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Windows dedicated server for the Unreal engine, as used by America\u0027s Army and America\u0027s Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allows remote attackers to cause a denial of service (server hang) via packets containing 0x07 characters or other unspecified invalid characters.  NOTE: this issue may overlap CVE-2007-4443.  NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
    },
    {
      "lang": "es",
      "value": "El servidor dedicado Windows sobre el motor Unreal, utilizado en America\u0027s Army y America\u0027s Army Special Forces 2.8.2 y anteriores, cuando Punkbuster (PB) est\u00e1 activado, permite a atacantes remotos provocar denegaci\u00f3n de servicio (cuelgue del servidor) a trav\u00e9s de paquetes conteniendo car\u00e1cteres 0x07 o otros caract\u00e9res no especificados no v\u00e1lidos. NOTA: este asunto podr\u00eda solaparse con CVE-2007-4443.  NOTA: este asunto podr\u00eda estar en Punkbuster por si mismo, pero hay detalles insuficientes para estar seguros."
    }
  ],
  "id": "CVE-2007-5250",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-06T17:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/aaboompb-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.org/poc/aaboompb.zip"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3193"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/481227/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/aaboompb-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.org/poc/aaboompb.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481227/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36898"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.