CVE-2012-1189

Bernhard Wymann Torcs < 1.3.2 - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andres Gomez & David Mora · clocalwindows

https://www.exploit-db.com/exploits/18471

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/79372

[Patch] http://freecode.com/projects/torcs/releases/341672

[Patch] http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79

[Exploit] http://www.exploit-db.com/exploits/18471

[Exploit] http://www.openwall.com/lists/oss-security/2012/02/18/2

[Exploit] http://www.openwall.com/lists/oss-security/2012/03/05/18

Scores

EPSS 0.2495

EPSS Percentile 96.2%

Details

CWE

CWE-119

Status published

Products (6)

bernhard_wymann/torcs 1.2.3

bernhard_wymann/torcs 1.2.4

bernhard_wymann/torcs 1.3.0

bernhard_wymann/torcs 1.3.1

bernhard_wymann/torcs < 1.3.2

speed-dreams/speed_dreams

Published Oct 08, 2012

Tracked Since Feb 18, 2026