CVE-2011-2764

{"id": "CVE-2011-2764", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-08-04T02:45:32.343", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/45539", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/45540", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8324", "source": "cve@mitre.org"}, {"url": "http://svn.icculus.org/quake3?view=rev&revision=2098", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/48915", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201706-23", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/45539", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/45540", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/8324", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.icculus.org/quake3?view=rev&revision=2098", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/48915", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201706-23", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file."}, {"lang": "es", "value": "La funci\u00f3n FS_CheckFilenameIsNotExecutable de qcommon/files.c en el motor de ioQuake3 1.36 y versiones anteriores, tal como se usa en \"World of Padman\", \"Smokin' Guns\", OpenArena, Tremulous y ioUrbanTerror, no detecta extensiones de archivo peligrosas, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un complemento de terceras partes modificado que crea un archivo DLL troyanizado."}], "lastModified": "2024-11-21T01:28:55.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A70EB58-3D3F-4A80-AD7C-0592C3BD3D3C", "versionEndIncluding": "1.36"}, {"criteria": "cpe:2.3:a:ioquake3:ioquake3_engine:1.36:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "631580B6-FB90-44D0-A960-DE418F684FF2"}, {"criteria": "cpe:2.3:a:openarena:openarena:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66CEED6-0C18-4A8C-8369-2C8E23434587"}, {"criteria": "cpe:2.3:a:smokin-guns:smokin\\'_guns:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00EBAD21-CC29-4EF3-BE6D-334734D175FE"}, {"criteria": "cpe:2.3:a:tremulous:tremulous:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63624600-4577-4D6E-A733-1668CFD7732C"}, {"criteria": "cpe:2.3:a:urbanterror:iourbanterror:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9CA0A90-BF68-4294-86E5-4CF170709C08"}, {"criteria": "cpe:2.3:a:worldofpadman:world_of_padman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7D65EC1-0FB2-4628-B877-EE1B00A26B56"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}