client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and previous versions allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
id software quake 3 engine icculus_804 |
||
id software quake 3 engine icculus_805 |
||
id software quake 3 engine 1.32c |
||
id software quake 3 engine icculus_803 |
||
id software quake 3 engine icculus_810 |
||
id software quake 3 engine |
||
id software quake 3 engine 1.32b |
||
id software quake 3 engine icculus_808 |
||
id software quake 3 engine icculus_809 |
||
id software quake 3 engine icculus_806 |
||
id software quake 3 engine icculus_807 |