CVE-2012-1189

2012-10-0818:55:01

CWE-119

mitre

web.nvd.nist.gov

cve-2012-1189

buffer overflow

torcs

speed dreams

remote code execution

xml configuration file

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

Low

EPSS

0.135

Percentile

95.7%

JSON

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

Affected configurations

Nvd

Node

bernhard_wymanntorcsRange≤1.3.2

bernhard_wymanntorcsMatch1.2.3

bernhard_wymanntorcsMatch1.2.4

bernhard_wymanntorcsMatch1.3.0

bernhard_wymanntorcsMatch1.3.1

speed-dreamsspeed_dreamsMatch-

VendorProductVersionCPE
bernhard_wymanntorcs*cpe:2.3:a:bernhard_wymann:torcs:*:*:*:*:*:*:*:*
bernhard_wymanntorcs1.2.3cpe:2.3:a:bernhard_wymann:torcs:1.2.3:*:*:*:*:*:*:*
bernhard_wymanntorcs1.2.4cpe:2.3:a:bernhard_wymann:torcs:1.2.4:*:*:*:*:*:*:*
bernhard_wymanntorcs1.3.0cpe:2.3:a:bernhard_wymann:torcs:1.3.0:*:*:*:*:*:*:*
bernhard_wymanntorcs1.3.1cpe:2.3:a:bernhard_wymann:torcs:1.3.1:*:*:*:*:*:*:*
speed-dreamsspeed_dreams-cpe:2.3:a:speed-dreams:speed_dreams:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bernhard_wymann	torcs	*	cpe:2.3:a:bernhard_wymann:torcs::::::::
bernhard_wymann	torcs	1.2.3	cpe:2.3:a:bernhard_wymann:torcs:1.2.3:::::::*
bernhard_wymann	torcs	1.2.4	cpe:2.3:a:bernhard_wymann:torcs:1.2.4:::::::*
bernhard_wymann	torcs	1.3.0	cpe:2.3:a:bernhard_wymann:torcs:1.3.0:::::::*
bernhard_wymann	torcs	1.3.1	cpe:2.3:a:bernhard_wymann:torcs:1.3.1:::::::*
speed-dreams	speed_dreams	-	cpe:2.3:a:speed-dreams:speed_dreams:-:::::::*