Unrated severityNVD Advisory· Published Oct 6, 2007· Updated Apr 23, 2026

CVE-2007-5247

Description

Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.

Affected products

Monolith Productions/First Encounter Assault Recon
cpe:2.3:a:monolith_productions:first_encounter_assault_recon:*:*:*:*:*:*:*:*
Range: <=1.08

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aluigi.altervista.org/adv/fearfspb-adv.txtnvdExploit
aluigi.org/poc/fearfspb.zipnvdExploit
osvdb.org/45530nvd
osvdb.org/45531nvd
securityreason.com/securityalert/3197nvd
www.securityfocus.com/archive/1/481231/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/36900nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000