How severe is CVE-2017-6903?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2017-6903?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2017-6903

HIGH Year: 2017

CVSS v3 Score

7.8

High

CVSS v2 Score

9.3

Critical

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as native code DLLs. A malicious auto-downloaded file can contain configuration defaults that override the user's. Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape.

CVE-2006-4663

HIGH

CVSS:7.8(High)

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local use...

NVD-CWE-Other2006

CVE-2006-6165

HIGH

CVSS:7.8(High)

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variabl...

NVD-CWE-Other2006

CVE-2007-0257

HIGH

CVSS:7.8(High)

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating ...

NVD-CWE-Other2007

CVE-2009-1123

HIGH

CVSS:7.8(High)

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows ...

NVD-CWE-Other2009

CVE-2010-0188

HIGH

CVSS:7.8(High)

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unk...

NVD-CWE-Other2010

CVE-2010-0232

HIGH

CVSS:7.8(High)

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold an...

NVD-CWE-Other2010

CVE-2017-6903

Vulnerability Description

Related Vulnerabilities

CVE-2006-4663

CVE-2006-6165

CVE-2007-0257

CVE-2009-1123

CVE-2010-0188

CVE-2010-0232