Info

Disclosure

May 24, 2005

Discovery

Apr 24, 2005

Dates

Exploit

May 24, 2005

Solution

Unknown

Description

Halo: Combat Evolved contains a flaw that may allow a remote denial of service. The issue is triggered when sending malformed data, which causes the application to go into an infinite loop and consume all available CPU resources resulting in a loss of availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Halo: Combat Evolved

1.06

References

Security Tracker: 1014067
Bugtraq ID: 13728
Secunia Advisory ID: 15501
CVE ID: 2005-1741 (see also: NVD)
Other Advisory URL: http://aluigi.altervista.org/adv/haloloop-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0547.html
Vendor URL: http://www.microsoft.com/games/pc/halo.aspx

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218