CVE-2006-3401

Quake 3 Engine <1.32c - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3401. PoCs published by RunningBon.

AI-analyzed exploit summary This exploit targets a remote stack overflow in the Quake 3 Engine by hooking the SV_SetConfigstring function via DLL injection. It crafts a malicious payload to overflow the buffer when processing CS_ITEMS, leading to arbitrary code execution.

Description

Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RunningBon · c++doswindows_x86

https://www.exploit-db.com/exploits/1977

View Code ZIP pw:eip

This exploit targets a remote stack overflow in the Quake 3 Engine by hooking the SV_SetConfigstring function via DLL injection. It crafts a malicious payload to overflow the buffer when processing CS_ITEMS, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Quake 3 Arena 1.32b/1.32c

No auth needed

Prerequisites: Microsoft Detours library · DLL injection capability · Target running vulnerable Quake 3 version

MITRE ATT&CK