CVE-2012-1189

2022-10-0316:15:26

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-1189

buffer overflow

torcs

speed dreams

remote code execution

xml configuration file

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.6%

JSON

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

Affected configurations

NVD

Node

bernhard_wymanntorcsRange≤1.3.2

bernhard_wymanntorcsMatch1.2.3

bernhard_wymanntorcsMatch1.2.4

bernhard_wymanntorcsMatch1.3.0

bernhard_wymanntorcsMatch1.3.1

speed-dreamsspeed_dreamsMatch-

CPENameOperatorVersion
bernhard_wymann:torcsbernhard wymann torcsle1.3.2
bernhard_wymann:torcsbernhard wymann torcseq1.2.3
bernhard_wymann:torcsbernhard wymann torcseq1.2.4
bernhard_wymann:torcsbernhard wymann torcseq1.3.0
bernhard_wymann:torcsbernhard wymann torcseq1.3.1
speed-dreams:speed_dreamsspeed-dreams speed dreamseq-

CPE	Name	Operator	Version
bernhard_wymann:torcs	bernhard wymann torcs	le	1.3.2
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.2.3
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.2.4
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.3.0
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.3.1
speed-dreams:speed_dreams	speed-dreams speed dreams	eq	-