CVE-2006-3324

Quake 3 Engine - Arbitrary File Overwrite via Automatic Downloading

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3324.

AI-analyzed exploit summary This is a functional exploit for a remote stack overflow in the Quake 3 engine's CG_ServerCommand function. It uses DLL injection and the Microsoft Detours library to hook the SV_SendServerCommand function, allowing arbitrary code execution via a crafted string.

Description

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Exploits (1)

exploitdb WORKING POC

cppdoswindows

https://www.exploit-db.com/exploits/1976

View Code ZIP pw:eip

This is a functional exploit for a remote stack overflow in the Quake 3 engine's CG_ServerCommand function. It uses DLL injection and the Microsoft Detours library to hook the SV_SendServerCommand function, allowing arbitrary code execution via a crafted string.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SOF2MP GOLD V1.03

No auth needed

Prerequisites: Microsoft Detours library · DLL injection capability · Target running SOF2MP GOLD V1.03

MITRE ATT&CK