Vulnerabilities > CVE-2006-3324 - Multiple vulnerability in Quake 3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
id-software
exploit available

Summary

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Exploit-Db

descriptionQuake 3 Engine Client CG_ServerCommand() Remote Overflow Exploit. CVE-2006-3324,CVE-2006-3325,CVE-2006-3400. Dos exploit for windows platform
fileexploits/windows/dos/1976.cpp
idEDB-ID:1976
last seen2016-01-31
modified2006-07-02
platformwindows
port
published2006-07-02
reporterRunningBon
sourcehttps://www.exploit-db.com/download/1976/
titleQuake 3 Engine Client CG_ServerCommand Remote Overflow Exploit
typedos