VYPR
Unrated severityNVD Advisory· Published Aug 9, 2011· Updated Jun 16, 2026

CVE-2011-3012

CVE-2011-3012

Description

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:a:tremulous:tremulous:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:urbanterror:iourbanterror:2007-12-20:*:*:*:*:*:*:*
  • cpe:2.3:a:worldofpadman:world_of_padman:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:worldofpadman:world_of_padman:*:*:*:*:*:*:*:*range: <=1.2
    • (no CPE)range: <=1.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.