CVE-2006-3324

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Date published : 2006-06-30

http://www.securityfocus.com/bid/18685

http://www.securityfocus.com/archive/1/438515/100/0/threaded