Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15742
http://securitytracker.com/id?1009667
http://secunia.com/advisories/11299