Live for Speed (LFS) is "one of the most known and cool car racing simulators available and allows to do a lot of things: races, autocross, drifting, drag races, demolition derby, knock out and more".
Client buffer-overflow during skins handling allows remote attacker (other client or the server) to execute malicious code on the vulnerable system.
Vulnerable Systems:
* Live for Speed version 0.5X10
Live for Speed allows the players to use different skins for their cars, which can be those available by default or just new skins in DDS format created by the same users.
When a player, after having joined the server, decides to enter on the track, a packet with all the informations about his car (like setup, colors and skin) is sent to the server which forwards some of these data to all the other connected clients.
The field which contains the name of the skin in use by the player is a field of 16 bytes which is read by the clients and concatenated to the name of his car for the subsequent loading of the needed DDS file from the local skins folders. The operation is made without the proper checks resulting in a stack buffer-overflow.
So, in short, any client which can join a server and can race on it (not as spectator) can also be able to exploit this vulnerability for crashing or possibly executing malicious code (the maximum number of allowed chars is 48) on all the clients connected to the server, except himself.
Patch Availability:
No fix. Developers have not been contacted since still exist (not patched yet) other buffer overflow vulnerabilities which affect the clients locally.
