CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3325

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.041

EPSS Ranking 88.0%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2006-3325

Id Software » Quake 3 Engine » Version: Any

cpe:2.3:a:id_software:quake_3_engine:*
Id Software » Quake 3 Engine » Version: 1.32b

cpe:2.3:a:id_software:quake_3_engine:1.32b
Id Software » Quake 3 Engine » Version: 1.32c

cpe:2.3:a:id_software:quake_3_engine:1.32c
Id Software » Quake 3 Engine » Version: icculus_803

cpe:2.3:a:id_software:quake_3_engine:icculus_803
Id Software » Quake 3 Engine » Version: icculus_804

cpe:2.3:a:id_software:quake_3_engine:icculus_804
Id Software » Quake 3 Engine » Version: icculus_805

cpe:2.3:a:id_software:quake_3_engine:icculus_805
Id Software » Quake 3 Engine » Version: icculus_806

cpe:2.3:a:id_software:quake_3_engine:icculus_806
Id Software » Quake 3 Engine » Version: icculus_807

cpe:2.3:a:id_software:quake_3_engine:icculus_807
Id Software » Quake 3 Engine » Version: icculus_808

cpe:2.3:a:id_software:quake_3_engine:icculus_808
Id Software » Quake 3 Engine » Version: icculus_809

cpe:2.3:a:id_software:quake_3_engine:icculus_809
Id Software » Quake 3 Engine » Version: icculus_810

cpe:2.3:a:id_software:quake_3_engine:icculus_810

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3325

Products

Pricing

Contact Us