1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. DOOM3 Engine Console Format String Vulnerability

DOOM3 Engine Console Format String Vulnerability

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects an attempt to pass maliciously crafted values to a vulnerable function in the Doom 3 Engine.

Additional Information

The Doom 3 engine is the underlying engine used for several video games developed by id Software. PunkBuster is an anti-cheating program commonly used on public game servers.

The Doom 3 engine is prone to a format-string vulnerability that affects a 'printf()'-type function that is used during the visualization of strings in the engine's command console. This vulnerability occurs in conjunction with PunkBuster. Although the data passed to the function is properly sanitized to remove potentially malicious format-specifier characters, user-supplied data sent via PunkBuster PB_Y (YPG server) and PB_U (UCON) UDP packets will override those sanity checks.

Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks will likely cause denial-of-service conditions.

NOTE: Attackers can exploit this issue when a game server using the affected engine has PunkBuster software enabled; other addon applications may also provide attack vectors.


  • id Software Doom 3.0
  • id Software Doom 3 1.3.1
  • id Software Prey 1.3
  • id Software Quake 4 1.4.2
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube