CVE-2011-3012
09.08.2011, 20:55
The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ioquake3 | ioquake3_engine | * |
| tremulous | tremulous | 1.1.0 |
| worldofpadman | world_of_padman | 𝑥 ≤ 1.2 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ioquake3 |
| ||||||||||
| openarena |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ioquake3 |
|
Common Weakness Enumeration
References