GSC Voice Server Denial of Service Vulnerability

["Michael J. Gray" <mooseous () gmail com>]

Product: GSC (Game Servers Client)

Version: 2.00 Build 3017

Website: http://getgsc.com

 

By inspecting the network traffic of messages to voice servers one can see
that ASCII strings are prefixed with their length as a 32-bit signed
integer. Simply modifying this to any length in excess of the actual
string's length will cause a denial of service to that voice server by
crashing it. This may be a precursor to a buffer overflow vulnerability, but
it appears not to be exploitable in this way at this time. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/