Vulnerabilities > CVE-2006-2875 - Remote Buffer Overflow vulnerability in Quake 3 Engine CL_ParseDownload

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
id-software
exploit available

Summary

Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.

Vulnerable Configurations

Part Description Count
Application
Id_Software
1

Exploit-Db

descriptionQuake 3 Engine CL_ParseDownload Remote Buffer Overflow Vulnerability. CVE-2006-2875. Dos exploits for multiple platform
idEDB-ID:27969
last seen2016-02-03
modified2006-06-05
published2006-06-05
reporterLuigi Auriemma
sourcehttps://www.exploit-db.com/download/27969/
titleQuake 3 Engine CL_ParseDownload Remote Buffer Overflow Vulnerability