Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1189

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-1189
Last Modified 09 Oct 2012 12:00:00
Published 08 Oct 2012 02:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1189

Summary

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

Vulnerable Systems

Application

  • Bernhard Wymann Torcs 1.2.3

  • Bernhard Wymann Torcs 1.2.4

  • Bernhard Wymann Torcs 1.3.0

  • Bernhard Wymann Torcs 1.3.1

  • Bernhard Wymann Torcs 1.3.2

  • Speed-dreams Speed Dreams -


References

OSVDB - 79372

MLIST - [oss-security] 20120305 Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189

MLIST - [oss-security] 20120218 TORCS 1.3.2 xml buffer overflow - CVE-2012-1189

EXPLOIT-DB - 18471

CONFIRM - http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79

CONFIRM - http://freecode.com/projects/torcs/releases/341672


Last Updated: 27 May 2016 11:00:54