Vulnerabilities > CVE-2006-2875 - Unspecified vulnerability in ID Software Quake 3 Engine
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN id-software
exploit available
Summary
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Quake 3 Engine CL_ParseDownload Remote Buffer Overflow Vulnerability. CVE-2006-2875. Dos exploits for multiple platform |
| id | EDB-ID:27969 |
| last seen | 2016-02-03 |
| modified | 2006-06-05 |
| published | 2006-06-05 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/27969/ |
| title | Quake 3 Engine CL_ParseDownload Remote Buffer Overflow Vulnerability |
References
- http://aluigi.altervista.org/adv/q3cbof-adv.txt
- http://aluigi.altervista.org/adv/q3cbof-adv.txt
- http://secunia.com/advisories/20401
- http://secunia.com/advisories/20401
- http://securitytracker.com/id?1016219
- http://securitytracker.com/id?1016219
- http://www.securityfocus.com/archive/1/435963/100/0/threaded
- http://www.securityfocus.com/archive/1/435963/100/0/threaded
- http://www.securityfocus.com/bid/18271
- http://www.securityfocus.com/bid/18271
- http://www.vupen.com/english/advisories/2006/2129
- http://www.vupen.com/english/advisories/2006/2129