Unrated severityNVD Advisory· Published Mar 3, 2008· Updated Apr 23, 2026

CVE-2008-1127

Description

Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.

Affected products

Crytek/Crysis
cpe:2.3:a:crytek:crysis:1.1.1.5879:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/29155nvd
www.securityfocus.com/bid/28039nvd
www.vupen.com/english/advisories/2008/0735nvd
www.exploit-db.com/exploits/5201nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000