CVE-2007-4140 - Vulnerability Details - OpenCVE

Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lfs	Live For Speed S2

Configuration 1 [-]

cpe:2.3:a:lfs:live_for_speed_s2:alpha_patch_0.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/25168
http://www.securityfocus.com/bid/25208
https://exchange.xforce.ibmcloud.com/vulnerabilities/35729
https://www.exploit-db.com/exploits/4252

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-03T10:00:00

Updated: 2024-08-07T14:46:39.056Z

Reserved: 2007-08-02T00:00:00

Link: CVE-2007-4140

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-03T10:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4140

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4252", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4252"}, {"name": "lfs-mpr-bo(35729)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35729"}, {"name": "25168", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25168"}, {"name": "25208", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25208"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2007-4140", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4252", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4252"}, {"name": "lfs-mpr-bo(35729)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35729"}, {"name": "25168", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25168"}, {"name": "25208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25208"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.056Z"}, "title": "CVE Program Container", "references": [{"name": "4252", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4252"}, {"name": "lfs-mpr-bo(35729)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35729"}, {"name": "25168", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25168"}, {"name": "25208", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25208"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4140", "datePublished": "2007-08-03T10:00:00", "dateReserved": "2007-08-02T00:00:00", "dateUpdated": "2024-08-07T14:46:39.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lfs:live_for_speed_s2:alpha_patch_0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E69C9A4-5555-498D-BC2F-97838CBF3EE3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Live for Speed (LFS) S2 ALPHA PATCH 0.5x permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .mpr (fichero de repetici\u00f3n) que contiene un nombre de coche largo."}], "id": "CVE-2007-4140", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-03T10:17:00.000", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/bid/25168"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/25208"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35729"}, {"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/4252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35729"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4252"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}