CVE-2012-1189

2012-10-0818:55:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.135

Percentile

95.7%

JSON

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

Affected configurations

Nvd

Node

bernhard_wymanntorcsRange≤1.3.2

bernhard_wymanntorcsMatch1.2.3

bernhard_wymanntorcsMatch1.2.4

bernhard_wymanntorcsMatch1.3.0

bernhard_wymanntorcsMatch1.3.1

speed-dreamsspeed_dreamsMatch-

VendorProductVersionCPE
bernhard_wymanntorcs*cpe:2.3:a:bernhard_wymann:torcs:*:*:*:*:*:*:*:*
bernhard_wymanntorcs1.2.3cpe:2.3:a:bernhard_wymann:torcs:1.2.3:*:*:*:*:*:*:*
bernhard_wymanntorcs1.2.4cpe:2.3:a:bernhard_wymann:torcs:1.2.4:*:*:*:*:*:*:*
bernhard_wymanntorcs1.3.0cpe:2.3:a:bernhard_wymann:torcs:1.3.0:*:*:*:*:*:*:*
bernhard_wymanntorcs1.3.1cpe:2.3:a:bernhard_wymann:torcs:1.3.1:*:*:*:*:*:*:*
speed-dreamsspeed_dreams-cpe:2.3:a:speed-dreams:speed_dreams:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bernhard_wymann	torcs	*	cpe:2.3:a:bernhard_wymann:torcs::::::::
bernhard_wymann	torcs	1.2.3	cpe:2.3:a:bernhard_wymann:torcs:1.2.3:::::::*
bernhard_wymann	torcs	1.2.4	cpe:2.3:a:bernhard_wymann:torcs:1.2.4:::::::*
bernhard_wymann	torcs	1.3.0	cpe:2.3:a:bernhard_wymann:torcs:1.3.0:::::::*
bernhard_wymann	torcs	1.3.1	cpe:2.3:a:bernhard_wymann:torcs:1.3.1:::::::*
speed-dreams	speed_dreams	-	cpe:2.3:a:speed-dreams:speed_dreams:-:::::::*