Vulnerabilities > CVE-2003-0650 - File Corruption vulnerability in Gamespy Arcade GSAPAK.EXE .APK Extraction

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

gamespy

NVD

Published: 2003-08-27

Updated: 2016-10-18

Summary

Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.

Vulnerable Configurations

Part	Description	Count
Application	Gamespy Gamespy Arcade *	1

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0064.html
http://marc.info/?l=bugtraq&m=105958779017085&w=2
http://www.gamespyarcade.com/features/versions.shtml
http://www.securityfocus.com/bid/8309