Open Racing Car Simulator (TORCS) is vulnerable to arbitrary code execution. A remote attacker could inject and execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
CPE | Name | Operator | Version |
---|---|---|---|
torcs:stretch | eq | 1.3.3+dfsg2-1 | |
torcs:stretch | eq | 1.3.3+dfsg2-1 |
freecode.com/projects/torcs/releases/341672
torcs.sourceforge.net/index.php?name=News&file=article&sid=79
www.exploit-db.com/exploits/18471
www.openwall.com/lists/oss-security/2012/02/18/2
www.openwall.com/lists/oss-security/2012/03/05/18
www.osvdb.org/79372
security-tracker.debian.org/tracker/CVE-2012-1189