
CVE-2011-3012

Published: 09/08/2011 Updated: 09/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The ioQuake3 engine, as used in World of Padman 1.2 and previous versions, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote malicious users to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.

Vulnerable Product

worldofpadman world of padman

ioquake3 ioquake3 engine

tremulous tremulous 1.1.0

urbanterror iourbanterror 2007-12-20

Vendor Advisories

Debian Bug report logs - #660834 tremulous: CVE-2006-3325 ("q3cfilevar-B") configuration overwriting. Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org>; Date: Wed, 22 Feb 2012 08:59:13 UTC; Severity: grave; Tags: security; Found in version tremulous/110-41; Fixed in vers ...

Debian Bug report logs - #660832 tremulous: CVE-2006-3324 ("q3cfilevar-A") arbitrary file overwriting. Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org>; Date: Wed, 22 Feb 2012 08:58:41 UTC; Severity: grave; Tags: security; Found in version tremulous/110-41; Fixed in ver ...

Debian Bug report logs - #660827 tremulous: CVE-2006-2236 ("the remapShader exploit") can lead to arbitrary code execution. Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org>; Date: Wed, 22 Feb 2012 08:39:01 UTC; Severity: grave; Tags: security; Found in version tremulous/1 ...

Debian Bug report logs - #660836 tremulous: CVE-2011-2764, CVE-2011-3012 DLL overwriting by malicious bytecode. Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org>; Date: Wed, 22 Feb 2012 09:06:13 UTC; Severity: grave; Tags: security; Found in version tremulous/110-41; Fix ...

Debian Bug report logs - #660831 tremulous-server: CVE-2006-2082 arbitrary file download from server. Package: tremulous-server; Maintainer for tremulous-server is (unknown); Reported by: Simon McVittie <smcv@debian.org>; Date: Wed, 22 Feb 2012 08:58:28 UTC; Severity: grave; Tags: security; Found in version tremulous/110-41 ...