Vulnerability Details : CVE-2006-3324
Potential exploit
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Products affected by CVE-2006-3324
- cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
- cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*
- cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*
- cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3324
2.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3324
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-3324
-
http://www.securityfocus.com/archive/1/438660/100/0/threaded
-
http://securityreason.com/securityalert/1171
UPDATE: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...) - CXSecurity.com
-
http://www.securityfocus.com/bid/18685
Exploit
-
http://www.vupen.com/english/advisories/2006/2569
Site en construction
-
http://www.securityfocus.com/archive/1/438515/100/0/threaded
-
http://svn.icculus.org/quake3?rev=804&view=rev
[quake3] Revision 804
-
http://aluigi.altervista.org/adv/q3cfilevar-adv.txt
Exploit
-
http://secunia.com/advisories/20851
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/20401
About Secunia Research | FlexeraVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27486
Quake 3 engine cvar file overwrite CVE-2006-3324 Vulnerability Report
Jump to