On Sep 17, 2007, at 2:16 PM, Karthik Arumugham wrote:

> On Sep 16, 2007, at 1:34 AM, Zach wrote:
>> "87% damaged" showed up as "87 32768amaged" in COW when i sent his
>> slot @, it appeared fine in the player list and in console it said:
>> Unrecognizable special character in macro pass2:    Trying to  
>> continue.
> A fix for this potential vulnerability has been pushed to my darcs  
> repository.

To clarify: this is not a bug in COW. This is a bug in the  
'whois'/'@' command in the Vanilla server. The presence of % in a  
name or login caused it to be parsed as a format string identifier.  
There may be an unrelated bug in COW causing your macro error.

Fix has been pushed to pickled as well. Other server admins are urged  
to apply this fix, as it is a potential vulnerability. (I do not  
believe there is any way to exploit it, however, past possibly  
crashing the ntserv process of someone with a %.)