<<< Date Index >>>     <<< Thread Index >>>

Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0



#######################################################################

                             Luigi Auriemma

Application:  Chris Moneymaker's World Poker Championship
              http://moneymakergaming.com
Versions:     1.0
Platforms:    Windows
Bug:          buffer-overflow
Exploitation: remote, versus server
Date:         17 Aug 2005
Author:       Luigi Auriemma
              e-mail: aluigi@xxxxxxxxxxxxx
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Chris Moneymaker's World Poker Championship is a poker game developed
and published by Valusoft (http://www.valusoft.com) in April 2005.


#######################################################################

======
2) Bug
======


The game is affected by a buffer-overflow during the usage of sprintf()
for the creation of the string "%s has joined the game." (where %s is
replaced by the nickname passed by the client) with a destination
buffer of 256 bytes.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/chmpokbof.zip


#######################################################################

======
4) Fix
======


The vendor has handled this security bug as a "normal" bug so no patch
is planned.


#######################################################################


--- 
Luigi Auriemma 
http://aluigi.altervista.org