CVE-2006-3325

The CVE affects the client component (cl_parse.c) of the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier. The flaw allows remote servers to send a sequence of cvar names/values that can overwrite write-protected client cvars, such as cl_allowdownload (A...

CVE-2006-3325

client/clparse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine ioquake3 revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as clallowdownload for Automatic Downloading and fshomepath for the quake3...