Search criteria
6 vulnerabilities found for unreal_engine by epicgames
FKIE_CVE-2010-2702
Vulnerability from fkie_nvd - Published: 2010-07-12 17:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| epicgames | unreal_engine | 1 | |
| epicgames | unreal_engine | 2 | |
| epicgames | unreal_engine | 2.5 | |
| epicgames | postal_2 | * | |
| epicgames | raven_shield | * | |
| epicgames | swat_4 | * | |
| epicgames | unreal_tournament_2003 | * | |
| epicgames | unreal_tournament_2004 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epicgames:unreal_engine:1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B8824F-CCAA-4756-BD0B-000CD162FAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:unreal_engine:2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB76B1A-D2AF-4BC7-B3FB-F9C3D8B7077A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:unreal_engine:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9F2B6F-7334-43F0-AE5E-70EDC79052A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epicgames:postal_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DE3D5B-0A6C-4BD2-8AEF-DE4EFD93D137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:raven_shield:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FC0308-0B20-467D-AB64-68F939E7785A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:swat_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2478849A-9FAB-45B3-A99B-07CCD1981A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:unreal_tournament_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62D13823-D9BD-427E-8CC5-8590D0C3037C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:unreal_tournament_2004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6949154C-5F12-441D-8BAF-A096CE25DCCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la funci\u00f3n UGameEngine::UpdateConnectingMessage en el motor de Unreal v1, v2 y v2.5, tal como se utiliza en m\u00faltiples juegos, incluyendo Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield y SWAT4, cuando las descargas est\u00e1n permitidas, permite ejecutar c\u00f3digo arbitrario a atacantes remotos a trav\u00e9s de un campo LEVEL demasiado largo en una respuesta WELCOME a una solicitud de descarga."
}
],
"id": "CVE-2010-2702",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-12T17:30:03.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40466"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6441
Vulnerability from fkie_nvd - Published: 2009-03-09 14:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| epicgames | unreal_engine | 2 | |
| epicgames | unreal_engine | 2.5 | |
| epicgames | unreal_engine | 3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epicgames:unreal_engine:2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB76B1A-D2AF-4BC7-B3FB-F9C3D8B7077A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:unreal_engine:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9F2B6F-7334-43F0-AE5E-70EDC79052A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epicgames:unreal_engine:3:*:*:*:*:*:*:*",
"matchCriteriaId": "A735A5C2-04CC-44E1-B658-F90F2020F292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
},
{
"lang": "es",
"value": "Una vulnerabilidad de formato de cadena en el motor del cliente de Epic Games Unreal, cuando se utiliza en m\u00faltiples juegos, permite a servidores remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de (1) el par\u00e1metro \"CLASS\" en el comando DLMGR, (2) un paquete malformado (PKG), y posiblemente (3) el par\u00e1metro \"LEVEL\" en el comando WELCOME."
}
],
"id": "CVE-2008-6441",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-09T14:30:00.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31854"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/48290"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/48291"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/48290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/48291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-2702 (GCVE-0-2010-2702)
Vulnerability from cvelistv5 – Published: 2010-07-12 17:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66039",
"refsource": "OSVDB",
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40466"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"name": "http://aluigi.org/poc/unrealcbof.txt",
"refsource": "MISC",
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2702",
"datePublished": "2010-07-12T17:00:00",
"dateReserved": "2010-07-12T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6441 (GCVE-0-2008-6441)
Vulnerability from cvelistv5 – Published: 2009-03-09 14:00 – Updated: 2024-08-07 11:27
VLAI?
Summary
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31854"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6441",
"datePublished": "2009-03-09T14:00:00",
"dateReserved": "2009-03-09T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2702 (GCVE-0-2010-2702)
Vulnerability from nvd – Published: 2010-07-12 17:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66039",
"refsource": "OSVDB",
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40466"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"name": "http://aluigi.org/poc/unrealcbof.txt",
"refsource": "MISC",
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2702",
"datePublished": "2010-07-12T17:00:00",
"dateReserved": "2010-07-12T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6441 (GCVE-0-2008-6441)
Vulnerability from nvd – Published: 2009-03-09 14:00 – Updated: 2024-08-07 11:27
VLAI?
Summary
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31854"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6441",
"datePublished": "2009-03-09T14:00:00",
"dateReserved": "2009-03-09T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}