CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-2764

The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.058

EPSS Ranking 90.1%

CVSS Severity

CVSS v2 Score 10.0

References

Products affected by CVE-2011-2764

Ioquake3 » Ioquake3 Engine » Version: Any

cpe:2.3:a:ioquake3:ioquake3_engine:*
Ioquake3 » Ioquake3 Engine » Version: 1.36

cpe:2.3:a:ioquake3:ioquake3_engine:1.36
Openarena » Openarena » Version: Any

cpe:2.3:a:openarena:openarena:*
Smokin-Guns » Smokin' Guns » Version: Any

cpe:2.3:a:smokin-guns:smokin'_guns:*
Tremulous » Tremulous » Version: Any

cpe:2.3:a:tremulous:tremulous:*
Urbanterror » Iourbanterror » Version: Any

cpe:2.3:a:urbanterror:iourbanterror:*
Worldofpadman » World Of Padman » Version: Any

cpe:2.3:a:worldofpadman:world_of_padman:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-2764

Products

Pricing

Contact Us