client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and previous versions allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
id software quake 3 engine icculus 808 |
||
id software quake 3 engine icculus 809 |
||
id software quake 3 engine icculus 807 |
||
id software quake 3 engine icculus 803 |
||
id software quake 3 engine icculus 805 |
||
id software quake 3 engine |
||
id software quake 3 engine 1.32b |
||
id software quake 3 engine icculus 806 |
||
id software quake 3 engine icculus 810 |
||
id software quake 3 engine 1.32c |
||
id software quake 3 engine icculus 804 |