Vulnerabilities > CVE-2006-3324 - Unspecified vulnerability in ID Software Quake 3 Engine

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

id-software

exploit available

NVD

Published: 2006-06-30

Updated: 2024-11-21

Summary

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Vulnerable Configurations

Part	Description	Count
Application	Id_Software ID Software Quake 3 Engine Icculus_803 ID Software Quake 3 Engine * ID Software Quake 3 Engine 1.32B ID Software Quake 3 Engine 1.32C ID Software Quake 3 Engine Icculus_804	5

Exploit-Db

description	Quake 3 Engine Client CG_ServerCommand() Remote Overflow Exploit. CVE-2006-3324,CVE-2006-3325,CVE-2006-3400. Dos exploit for windows platform
file	exploits/windows/dos/1976.cpp
id	EDB-ID:1976
last seen	2016-01-31
modified	2006-07-02
platform	windows
port
published	2006-07-02
reporter	RunningBon
source	https://www.exploit-db.com/download/1976/
title	Quake 3 Engine Client CG_ServerCommand Remote Overflow Exploit
type	dos

Summary

Vulnerable Configurations

Exploit-Db

References