CVE-2011-2764 — HIGH (10.0)

Q: How severe is CVE-2011-2764?

CVE-2011-2764 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-2764?

Check the references section above for vendor advisories and patch information. Affected products include: Ioquake3 Ioquake3 Engine, Openarena Openarena, Smokin-Guns Smokin\' Guns, Tremulous Tremulous, Urbanterror Iourbanterror.

Vulnerability Description

The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Ioquake3	Ioquake3 Engine	<= 1.36
Openarena	Openarena	All versions
Smokin-Guns	Smokin\' Guns	All versions
Tremulous	Tremulous	All versions
Urbanterror	Iourbanterror	All versions
Worldofpadman	World Of Padman	All versions

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2011-2764?

CVE-2011-2764 is a vulnerability with a CVSS score of 10.0 (HIGH). The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not pro...

How severe is CVE-2011-2764?

CVE-2011-2764 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2764?

Check the references section above for vendor advisories and patch information. Affected products include: Ioquake3 Ioquake3 Engine, Openarena Openarena, Smokin-Guns Smokin\' Guns, Tremulous Tremulous, Urbanterror Iourbanterror.