Critical Vulnerability Information

1. Application
   Name: IGI 2: Covert Strike
   Link: http://www.igi2-game.com

2. Version
   Affected Versions: ≤ 1.3

3. Platform
   Operating System: Windows, Linux

4. Vulnerability Details
   Type: Format String Vulnerability
   Impact: Remote Exploitation, Targeting Server
   Description: The logging function in the IGI 2 server (used for RCON commands) contains a format string vulnerability. This affects both dedicated and regular servers, and the logging function cannot be disabled.
   Demonstration: An attacker sends , and the server log displays formatted data as follows:

5. Root Cause
   Function:
   Issue: After using to append a timestamp, the necessary format parameter is not included, and the entire string is directly passed to .

6. Code & Patch
   Test Code: http://aluigi.org/poc/igi2fs.zip
   Fix Patches:
   - Windows: http://aluigi.org/patches/igi2fsfix.lpatch
   - Linux: http://aluigi.org/patches/igi2fsfix_linux.lpatch

7. Official Response
   Status: Developers have not responded to emails; no official fix is currently available.
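
The pattern described under "5. Root Cause", shown beside its corrected form. This is an added example, not code from the game, the advisory or the patches: the function names (log_printf, log_rcon_flawed, log_rcon_fixed), the timestamp and the sample RCON text are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; the advisory does not give the real ones. */
static char last_log[512];  /* holds the last written line so it can be inspected */

/* printf-style log sink standing in for the server's logging function.
 * Declaring it with __attribute__((format(printf, 1, 2))) would let
 * GCC/Clang -Wformat-security flag the flawed call below. */
static void log_printf(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the timestamp is prepended, then the finished line,
 * which contains remote RCON text, is passed as the format string itself. */
static const char *log_rcon_flawed(const char *ts, const char *rcon_text) {
    char line[256];
    snprintf(line, sizeof line, "[%s] %s", ts, rcon_text);
    log_printf(line);  /* missing "%s": directives in rcon_text get interpreted */
    return last_log;
}

/* Fixed pattern: the format is a constant, remote text is only an argument. */
static const char *log_rcon_fixed(const char *ts, const char *rcon_text) {
    log_printf("[%s] %s", ts, rcon_text);
    return last_log;
}

int main(void) {
    /* Constructed sample input. "%%" is the one directive that consumes no
     * argument, so it shows the interpretation without undefined behaviour. */
    const char *sample = "rcon status 100%% ok";
    printf("flawed: %s\n", log_rcon_flawed("12:00:00", sample));
    printf("fixed:  %s\n", log_rcon_fixed("12:00:00", sample));
    return 0;
}
```

The flawed logger rewrites the remote text (the doubled percent sign collapses to one), while the fixed logger records it verbatim.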