Vulnerability Details : CVE-2011-2764
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.
Vulnerability category: Input validationExecute code
Products affected by CVE-2011-2764
- cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:ioquake3:ioquake3_engine:1.36:rc1:*:*:*:*:*:*
- cpe:2.3:a:worldofpadman:world_of_padman:*:*:*:*:*:*:*:*
- cpe:2.3:a:openarena:openarena:*:*:*:*:*:*:*:*
- cpe:2.3:a:smokin-guns:smokin\'_guns:*:*:*:*:*:*:*:*
- cpe:2.3:a:tremulous:tremulous:*:*:*:*:*:*:*:*
- cpe:2.3:a:urbanterror:iourbanterror:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2764
10.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2764
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-2764
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2764
-
http://www.securityfocus.com/bid/48915
ioQuake3 Engine Multiple Remote Code Execution Vulnerabilities
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html
[SECURITY] Fedora 14 Update: quake3-1.36-11.svn2102.fc14
-
https://security.gentoo.org/glsa/201706-23
Urban Terror: Multiple vulnerabilities (GLSA 201706-23) — Gentoo security
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68870
ioQuake3 Engine game code code execution CVE-2011-2764 Vulnerability Report
-
http://securityreason.com/securityalert/8324
ioQuake3 Remote shell injection - CXSecurity.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=725951
725951 – (CVE-2011-1412, CVE-2011-2764, CVE-2011-3012) CVE-2011-1412 CVE-2011-2764 CVE-2011-3012 quake3: arbitrary code execution vulnerabilites in ioquake3Exploit;Patch
-
http://www.securityfocus.com/archive/1/519051/100/0/threaded
SecurityFocus
-
http://svn.icculus.org/quake3?view=rev&revision=2098
[quake3] Revision 2098Patch
-
http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff
404 Not FoundPatch
-
http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html
Exploit
Jump to