Vulnerability Details : CVE-2008-3116
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2008-3116
Probability of exploitation activity in the next 30 days: 5.58%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-3116
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3116
Products affected by CVE-2008-3116
- cpe:2.3:a:hanghai:5th_street:*:*:*:*:*:*:*:*
- cpe:2.3:a:hanghai:high_street_5:*:*:*:*:*:*:*:*
- cpe:2.3:a:hanghai:hot_step:*:*:*:*:*:*:*:*