CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |

AI Score confidence: Low

EPSS percentile: 80.7%

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.

Vendor | Product | Version | CPE |
---|---|---|---|
id_software | quake_3_engine | * | cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:* |
id_software | quake_3_engine | 1.32b | cpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:* |
id_software | quake_3_engine | 1.32c | cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_803 | cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_804 | cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_805 | cpe:2.3:a:id_software:quake_3_engine:icculus_805:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_806 | cpe:2.3:a:id_software:quake_3_engine:icculus_806:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_807 | cpe:2.3:a:id_software:quake_3_engine:icculus_807:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_808 | cpe:2.3:a:id_software:quake_3_engine:icculus_808:*:*:*:*:*:*:* |
id_software | quake_3_engine | icculus_809 | cpe:2.3:a:id_software:quake_3_engine:icculus_809:*:*:*:*:*:*:* |
aluigi.altervista.org/adv/q3cfilevar-adv.txt
secunia.com/advisories/20401
secunia.com/advisories/20851
securityreason.com/securityalert/1171
www.securityfocus.com/archive/1/438515/100/0/threaded
www.securityfocus.com/archive/1/438660/100/0/threaded
www.securityfocus.com/bid/18685
www.vupen.com/english/advisories/2006/2569
exchange.xforce.ibmcloud.com/vulnerabilities/26889
exchange.xforce.ibmcloud.com/vulnerabilities/27486