Vulnerability Description
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an XML configuration file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bernhard Wymann | Torcs | <= 1.3.2 |
| Speed-Dreams | Speed Dreams | - |
Related Weaknesses (CWE)
References
- http://freecode.com/projects/torcs/releases/341672 (Patch)
- http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79 (Patch)
- http://www.exploit-db.com/exploits/18471 (Exploit)
- http://www.openwall.com/lists/oss-security/2012/02/18/2 (Exploit)
- http://www.openwall.com/lists/oss-security/2012/03/05/18 (Exploit)
- http://www.osvdb.org/79372
FAQ
What is CVE-2012-1189?
CVE-2012-1189 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary cod...
How severe is CVE-2012-1189?
CVE-2012-1189 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1189?
Check the references section above for vendor advisories and patch information. Affected products include: Bernhard Wymann Torcs, Speed-Dreams Speed Dreams.