Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-3012
Last Modified: 21 Sep 2011 11:32:41
Published: 09 Aug 2011 04:55:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3012

Summary

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.

Vulnerable Systems

Application

  • Ioquake3 Engine

  • Iourbanterror 2007-12-20

  • Tremulous 1.1.0

  • Worldofpadman World Of Padman 1.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=725951

XF - ioquake-file-extensions-code-execution(69164)

XF - ioquake-gamecode-code-execution(68870)

BID - 48915

BUGTRAQ - 20110728 Two security issues fixed in ioQuake3 engine

SREASON - 8324


Last Updated: 27 May 2016 10:57:14