#######################################################################

                             Luigi Auriemma

Application:  Master of Orion III
              http://moo3.quicksilver.com
Versions:     <= 1.2.5
Platforms:    Windows and MacOS
Bugs:         - allocation error
              - big nicknames crash
Exploitation: remote, versus server
Date:         27 October 2004
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Master of Orion III is a space strategy game developed by Quicksilver
(http://www.quicksilver.com) and distributed by Atari
(http://www.atari.com).
It was released in February 2003.

#######################################################################

=======
2) Bugs
=======

-------------------
A] allocation error
-------------------

Each data block exchanged between clients and server is preceded by a
32-bit number that specifies its size.
The game automatically allocates this amount of memory, and if the
value is too big to be allocated, the game automatically exits.

----------------------
B] big nicknames crash
----------------------

The game uses some anti buffer-overflow protections, but if an attacker
makes multiple consecutive connections (a variable number between 1 and
10) using big nicknames, the game crashes.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/moo3boom.zip

#######################################################################

======
4) Fix
======

No fix.
Developers will not fix this problem unless there are significant
incidents reported.

#######################################################################
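
Added example (not part of the original advisory and not the game's code): a receive path for the size-prefixed blocks described in 2A that bounds the declared size before allocating and treats a failure as an error on one connection instead of exiting. The little-endian byte order, the 64 KB cap and all names (parse_block, MAX_BLOCK_SIZE, frame_status) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap; the advisory does not state the protocol's real maximum. */
#define MAX_BLOCK_SIZE (64u * 1024u)

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_TOO_BIG, FRAME_NO_MEM };

/* Decode the 32-bit size prefix (little-endian byte order is an assumption). */
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Extract one block from bytes already received on a connection. The declared
 * size is checked against the cap before any allocation, and memory is only
 * allocated once the full payload has arrived. Caller frees *out. */
enum frame_status parse_block(const unsigned char *buf, size_t avail,
                              unsigned char **out, uint32_t *out_len,
                              size_t *consumed)
{
    uint32_t declared;
    *out = NULL; *out_len = 0; *consumed = 0;
    if (avail < 4)
        return FRAME_NEED_MORE;
    declared = read_le32(buf);
    if (declared > MAX_BLOCK_SIZE)
        return FRAME_TOO_BIG;      /* drop this peer, keep serving the rest */
    if (avail - 4 < declared)
        return FRAME_NEED_MORE;
    *out = malloc(declared ? declared : 1);
    if (*out == NULL)
        return FRAME_NO_MEM;       /* per-connection error, never exit() */
    memcpy(*out, buf + 4, declared);
    *out_len = declared;
    *consumed = 4 + (size_t)declared;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed input: a prefix declaring 0xFFFFFFFF bytes, no payload. */
    const unsigned char huge[] = { 0xff, 0xff, 0xff, 0xff };
    unsigned char *p; uint32_t n; size_t used;
    printf("%d\n", (int)parse_block(huge, sizeof huge, &p, &n, &used));
    return 0;
}
```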