Upgrading to version 9.5 eliminates this vulnerability.Įntry connected to this vulnerability is available at 59588. MITRE ATT&CK project uses the attack technique T1006 for this issue. Neither technical details nor an exploit are publicly available. The exploitation doesn't need any form of authentication. This vulnerability is known as CVE-2011-1932 since. (dot) characters in a pathname that is used for a file transfer in an Internet game. The summary by CVE is:ĭirectory traversal vulnerability in io/filesystem/ in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via.
As an impact it is known to affect integrity, and availability.
#Widelands versions mac os x#
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Widelands is distributed for Windows (64-bit and 32-bit) and Mac OS X > 10.7 (Intel, 64-bit) and in source code. The CWE definition for the vulnerability is CWE-22. The manipulation with an unknown input leads to a path traversal vulnerability. Affected by this vulnerability is an unknown code of the component Filesystem. or set by adding a VERSION file, Define the Widelands version. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability classified as critical was found in Widelands up to 15. Widelands is a free, open source real-time strategy game with singleplayer campaigns and a. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 kommentar(er)
