Two vulnerabilities involving version 1034 of the PnkBstrA.exe Windows service were recently discovered and reported. One potentially allows an attacker to elevate from a non-administrator user to an administrator user; the other allows a non-administrator user to read data from other processes running on the computer where PnkBstrA.exe is running. Both require the attacker to already have access to the computer where PnkBstrA.exe is installed and active. New version 1035, which addresses the vulnerabilities, is available for installation using our pbsvc.exe tool.
Thanks to NGS Secure for discovering the vulnerabilities and reporting them to us in a professional manner.
Monday 05.22.2006 [8:00PM]
A serious security (buffer overrun) flaw involving PunkBuster was recently discovered and reported. This flaw affects the optional WebTool component of PunkBuster servers on all platforms and for all supported games. It does not affect game players (the PunkBuster Client) or default installations of the PunkBuster Server, only PB Server installations where the server admin has configured the pb_sv_httpPort setting. An attacker with knowledge of the flaw can exploit it to crash the game server at will. New PB Server version v1.229, which addresses the flaw, began going out for all supported games via our auto-update system within a few hours of the report. Any and all PB Server admins who use the WebTool are strongly encouraged to verify that they are running version v1.229 or higher of the PB Server on all of their servers that have PunkBuster enabled.
Thanks to Luigi Auriemma for discovering the vulnerability and reporting it to us in a professional manner.
Even Balance, PunkBuster and the PunkBuster logo are trademarks of Even Balance, Inc. in the U.S. and/or other countries.
All other trademarks are the property of their respective owners.