CVE-2012-1189

2022-10-0316:15:26

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-1189

buffer overflow

torcs

speed dreams

remote code execution

xml configuration file

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.6%

JSON

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

Affected configurations

NVD

Node

bernhard_wymanntorcsRange≤1.3.2

bernhard_wymanntorcsMatch1.2.3

bernhard_wymanntorcsMatch1.2.4

bernhard_wymanntorcsMatch1.3.0

bernhard_wymanntorcsMatch1.3.1

speed-dreamsspeed_dreamsMatch-

CPENameOperatorVersion
bernhard_wymann:torcsbernhard wymann torcsle1.3.2
bernhard_wymann:torcsbernhard wymann torcseq1.2.3
bernhard_wymann:torcsbernhard wymann torcseq1.2.4
bernhard_wymann:torcsbernhard wymann torcseq1.3.0
bernhard_wymann:torcsbernhard wymann torcseq1.3.1
speed-dreams:speed_dreamsspeed-dreams speed dreamseq-

CPE	Name	Operator	Version
bernhard_wymann:torcs	bernhard wymann torcs	le	1.3.2
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.2.3
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.2.4
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.3.0
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.3.1
speed-dreams:speed_dreams	speed-dreams speed dreams	eq	-