CVE-2011-2764
Last modified
CVE-2011-2764 is a vulnerability of currently unknown severity. The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.. EPSS estimates a 8.69% chance of exploitation in the next 30 days.
Description
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ioquake3 | Ioquake3 Engine | <= 1.36 | — |
| Ioquake3 | Ioquake3 Engine | 1.36 | Rc1 |
| Openarena | Openarena | All versions | — |
| Smokin-Guns | Smokin\' Guns | All versions | — |
| Tremulous | Tremulous | All versions | — |
| Urbanterror | Iourbanterror | All versions | — |
| Worldofpadman | World Of Padman | All versions | — |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=725951Exploit, Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=725951Exploit, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-2764?
How severe is CVE-2011-2764?
How do I fix CVE-2011-2764?
Are you affected by CVE-2011-2764?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST