Search for vulnerabilities
| Vulnerability ID | VCID-s89u-95w6-aaaf |
| Aliases |
CVE-2007-4370
|
| Summary | Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 6.8 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| Reference id | Reference type | URL |
|---|---|---|
| http://osvdb.org/39601 | ||
| https://api.first.org/data/v1/epss?cve=CVE-2007-4370 | ||
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35991 | ||
| https://www.exploit-db.com/exploits/4283 | ||
| http://www.securityfocus.com/bid/25297 | ||
| cpe:2.3:a:racer:racer:0.5.3:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:racer:racer:0.5.3:*:*:*:*:*:*:* | |
| CVE-2007-4370 | https://nvd.nist.gov/vuln/detail/CVE-2007-4370 | |
| CVE-2007-4370;OSVDB-39601 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16694.rb |
| GLSA-201412-09 | https://security.gentoo.org/glsa/201412-09 | |
| OSVDB-39601;CVE-2007-4370 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/4283.pl |
| OSVDB-39601;CVE-2007-4370 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/8253.c |
| Data source | Exploit-DB |
|---|---|
| Date added | March 19, 2009 |
| Description | Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow |
| Ransomware campaign use | Known |
| Source publication date | March 20, 2009 |
| Exploit type | remote |
| Platform | windows |
| Source update date | Oct. 27, 2016 |
| Data source | Metasploit |
|---|---|
| Description | This module exploits the Racer Car and Racing Simulator game versions v0.5.3 beta 5 and earlier. Both the client and server listen on UDP port 26000. By sending an overly long buffer we are able to execute arbitrary code remotely. |
| Note | {}
|
| Ransomware campaign use | Unknown |
| Source publication date | Aug. 10, 2008 |
| Platform | Windows |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/games/racer_503beta5.rb |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Percentile | 0.98854 |
| EPSS Score | 0.7605 |
| Published At | March 28, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| There are no relevant records. | ||||