All the vulnerabilites related to epic_games - unreal_tournament
cve-2008-7015
Vulnerability from cvelistv5
Published
2009-08-19 10:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/496280/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/48292 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45095 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/31140 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080911 Server termination in the Unreal engine 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
},
{
"name": "48292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48292"
},
{
"name": "unrealengine-memory-dos(45095)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
},
{
"name": "31140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31140"
},
{
"name": "20080911 Server termination in the Unreal engine 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080911 Server termination in the Unreal engine 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
},
{
"name": "48292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48292"
},
{
"name": "unrealengine-memory-dos(45095)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
},
{
"name": "31140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31140"
},
{
"name": "20080911 Server termination in the Unreal engine 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080911 Server termination in the Unreal engine 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
},
{
"name": "48292",
"refsource": "OSVDB",
"url": "http://osvdb.org/48292"
},
{
"name": "unrealengine-memory-dos(45095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
},
{
"name": "31140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31140"
},
{
"name": "20080911 Server termination in the Unreal engine 3",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7015",
"datePublished": "2009-08-19T10:00:00",
"dateReserved": "2009-08-18T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7011
Vulnerability from cvelistv5
Published
2009-08-19 10:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31205 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html | mailing-list, x_refsource_FULLDISC | |
| http://osvdb.org/48293 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/496399/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31205"
},
{
"name": "20080916 Failed assertion in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html"
},
{
"name": "48293",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48293"
},
{
"name": "20080916 Failed assertion in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496399/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man\u0027s Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31205"
},
{
"name": "20080916 Failed assertion in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html"
},
{
"name": "48293",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48293"
},
{
"name": "20080916 Failed assertion in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496399/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man\u0027s Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31205"
},
{
"name": "20080916 Failed assertion in the Unreal engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html"
},
{
"name": "48293",
"refsource": "OSVDB",
"url": "http://osvdb.org/48293"
},
{
"name": "20080916 Failed assertion in the Unreal engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496399/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7011",
"datePublished": "2009-08-19T10:00:00",
"dateReserved": "2009-08-18T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1958
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/umod-adv.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15942 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108267310519459&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10196 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/umod-adv.txt"
},
{
"name": "unreal-umod-dotdot-file-overwrite(15942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15942"
},
{
"name": "20040422 Arbitrary file overwriting in Unreal engine through UMOD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2"
},
{
"name": "10196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/umod-adv.txt"
},
{
"name": "unreal-umod-dotdot-file-overwrite(15942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15942"
},
{
"name": "20040422 Arbitrary file overwriting in Unreal engine through UMOD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2"
},
{
"name": "10196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/umod-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/umod-adv.txt"
},
{
"name": "unreal-umod-dotdot-file-overwrite(15942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15942"
},
{
"name": "20040422 Arbitrary file overwriting in Unreal engine through UMOD",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2"
},
{
"name": "10196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1958",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0608
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10570 | vdb-entry, x_refsource_BID | |
| http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml | vendor-advisory, x_refsource_GENTOO | |
| http://marc.info/?l=bugtraq&m=108787105023304&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://aluigi.altervista.org/adv/unsecure-adv.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16451 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10570",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10570"
},
{
"name": "GLSA-200407-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml"
},
{
"name": "20040618 Code execution in the Unreal Engine through \\secure\\ packet",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108787105023304\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unsecure-adv.txt"
},
{
"name": "unreal-secure-query-command-execute(16451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10570",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10570"
},
{
"name": "GLSA-200407-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml"
},
{
"name": "20040618 Code execution in the Unreal Engine through \\secure\\ packet",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108787105023304\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unsecure-adv.txt"
},
{
"name": "unreal-secure-query-command-execute(16451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10570"
},
{
"name": "GLSA-200407-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml"
},
{
"name": "20040618 Code execution in the Unreal Engine through \\secure\\ packet",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108787105023304\u0026w=2"
},
{
"name": "http://aluigi.altervista.org/adv/unsecure-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unsecure-adv.txt"
},
{
"name": "unreal-secure-query-command-execute(16451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0608",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-29T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-08-19 10:30
Modified
2024-11-21 00:58
Severity ?
Summary
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| epic_games | unreal_tournament | 3 | |
| frontlines | fuel_of_war | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament:3:1.3:*:*:*:*:*:*",
"matchCriteriaId": "9AB57FD3-DF3A-4214-9A4E-BBD05E7D72D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frontlines:fuel_of_war:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B3F85B-D64A-448D-AE99-49D101E9CB5E",
"versionEndIncluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure."
},
{
"lang": "es",
"value": "El motor de Unreal v3, utilizado en Unreal Tournament v3 1.3, Frontlines: Fuel of War v1.1.1, y otros productos, permite a atacantes remotos producir una denegaci\u00f3n de servicio (salida del servidor) a trav\u00e9s de un paquete con un valor de entero largo que inicia un fallo de localizaci\u00f3n de memoria."
}
],
"id": "CVE-2008-7015",
"lastModified": "2024-11-21T00:58:03.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-19T10:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48292"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31140"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arush | devastation | 390.0 | |
| dreamforge | tnn_outdoors_pro_hunter | * | |
| epic_games | unreal_engine | 226f | |
| epic_games | unreal_engine | 433 | |
| epic_games | unreal_engine | 436 | |
| epic_games | unreal_tournament | 451b | |
| epic_games | unreal_tournament_2003 | 2199_linux | |
| epic_games | unreal_tournament_2003 | 2199_macos | |
| epic_games | unreal_tournament_2003 | 2199_win32 | |
| epic_games | unreal_tournament_2003 | 2225_macos | |
| epic_games | unreal_tournament_2003 | 2225_win32 | |
| epic_games | unreal_tournament_2004 | macos | |
| epic_games | unreal_tournament_2004 | win32 | |
| infogrames | tacticalops | 3.4 | |
| infogrames | x-com_enforcer | * | |
| ion_storm | deusex | 1.112_fm | |
| nerf_arena_blast | nerf_arena_blast | 1.2 | |
| rage_software | mobile_forces | 20000.0 | |
| robert_jordan | wheel_of_time | 333.0b | |
| running_with_scissors | postal_2 | 1337 | |
| gentoo | linux | 1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arush:devastation:390.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91455172-A4E9-4FFE-A8BA-7F42A57E0178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamforge:tnn_outdoors_pro_hunter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1B27DC-C23A-4B9C-8BB6-8CE1CE96D834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*",
"matchCriteriaId": "A99F5526-E641-464B-83A3-A9AF27AC287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC39AE7-3145-4095-A471-C1668CAB8F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*",
"matchCriteriaId": "93D14650-A8AC-4CBB-9968-0EF215623DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament:451b:*:*:*:*:*:*:*",
"matchCriteriaId": "97F32E3A-5AAA-4339-9D13-683503ED1583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_linux:*:*:*:*:*:*:*",
"matchCriteriaId": "48CB8C40-600B-47E5-95C7-69CC45511FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_macos:*:*:*:*:*:*:*",
"matchCriteriaId": "74616692-4F51-48F6-9359-4BB7D669B01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*",
"matchCriteriaId": "1971DEBD-F042-438D-B335-4D8BF3304EF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2225_macos:*:*:*:*:*:*:*",
"matchCriteriaId": "BA13D42B-7EF0-4D3E-94B4-6E0CDBB4DF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2225_win32:*:*:*:*:*:*:*",
"matchCriteriaId": "69B75B3F-99B7-497E-9E1E-C49520E971D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2004:macos:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FF117A-F923-4891-9AE5-19791F71215C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2004:win32:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C8FA0D-6FEA-4C92-9759-067D96C09F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:infogrames:tacticalops:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F409A702-F5EE-429C-A208-E7A8693FCDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:infogrames:x-com_enforcer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1D7911-0A9A-4771-AC16-7B1017A0A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ion_storm:deusex:1.112_fm:*:*:*:*:*:*:*",
"matchCriteriaId": "3F029653-AF84-45D8-9508-0C65307415B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nerf_arena_blast:nerf_arena_blast:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DAD171-F434-4299-B5F5-BAF843BC55DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rage_software:mobile_forces:20000.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26EFB617-24C2-4FCD-AEDB-CEE4B37C6264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_jordan:wheel_of_time:333.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8B1ED2-CACC-4FA2-9F59-E87AC64C448A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:running_with_scissors:postal_2:1337:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE50091-3C88-45F1-86A3-417886D6A97E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory."
},
{
"lang": "es",
"value": "El Motor de Unreal, usado en in DeusEx 1.112fm y anteriores, , Devastation 390 y anteriores, Mobile Forces 20000 y anteriores, Nerf Arena Blast 1.2 y anteriores, Postal 2 1337 y anteriores, Rune 107 y anteriores, Tactical Ops 3.4.0 y anteriores, Unreal 1 226f y anteriores, Unreal II XMP 7710 y anteriores, Unreal Tournament 451b y anteriores, Unreal Tournament 2003 2225 y anteriores, Unreal Tournament 2004 anteriores a 3236, Wheel of Time 333b y anteriores, and X-com Enforcer permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete UDP conteniendo una consulta segura con un valor largo, lo que sobreescribe memoria."
}
],
"id": "CVE-2004-0608",
"lastModified": "2024-11-20T23:48:58.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://aluigi.altervista.org/adv/unsecure-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108787105023304\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10570"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://aluigi.altervista.org/adv/unsecure-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108787105023304\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16451"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-19 10:30
Modified
2024-11-21 00:58
Severity ?
Summary
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digital_extreme | pariah | * | |
| epic_games | unreal_tournament | 3 | |
| epic_games | unreal_tournament | 2003 | |
| epic_games | unreal_tournament | 2004 | |
| groove_games | warpath | * | |
| human_head_studios | dead_mans_hand | * | |
| red_mercury | shadow_ops | * | |
| whiptail_interactive | postal | 2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digital_extreme:pariah:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6587F764-5D9B-4D59-8038-D8088ECC3EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament:3:1.3:*:*:*:*:*:*",
"matchCriteriaId": "9AB57FD3-DF3A-4214-9A4E-BBD05E7D72D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1BC445-F213-4032-89ED-C27B3526D2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AD75F3DD-8EB1-4BE0-B6DF-E4DC0D96B7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:groove_games:warpath:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD522D7-62CF-4912-94F0-98425CE7E453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:human_head_studios:dead_mans_hand:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C4B092-731F-4E66-8EA3-977EF1AF165F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:red_mercury:shadow_ops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D034C6-5A04-46F2-97B6-70C21320B546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whiptail_interactive:postal:2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACACD3D7-A342-45A9-B4F2-4121F5DF7E46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man\u0027s Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set."
},
{
"lang": "es",
"value": "El motor de Unreal, el utilizado en Unreal Tournament v3 1.3, Unreal Tournament 2003 y 2004, Dead Man\u0027s Hand, Pariah, WarPath, Postal2, y Shadow Ops, permite a usuarios remotos autenticados producir una denegaci\u00f3n de servicio (salida de servidor) a trav\u00e9s de m\u00faltiples descargas de ficheros desde el servidor, lo que inicia un fallo de aserci\u00f3n cuando la marca (flag) de cierre en UnChan.cpp esta activado."
}
],
"id": "CVE-2008-7011",
"lastModified": "2024-11-21T00:58:03.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-19T10:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48293"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496399/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496399/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| epic_games | unreal_engine | 433 | |
| epic_games | unreal_engine | 436 | |
| epic_games | unreal_tournament | 451b | |
| epic_games | unreal_tournament_2003 | 2199_macos | |
| epic_games | unreal_tournament_2003 | 2199_win32 | |
| epic_games | unreal_tournament_2003 | 2225_macos | |
| epic_games | unreal_tournament_2003 | 2225_win32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC39AE7-3145-4095-A471-C1668CAB8F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*",
"matchCriteriaId": "93D14650-A8AC-4CBB-9968-0EF215623DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament:451b:*:*:*:*:*:*:*",
"matchCriteriaId": "97F32E3A-5AAA-4339-9D13-683503ED1583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_macos:*:*:*:*:*:*:*",
"matchCriteriaId": "74616692-4F51-48F6-9359-4BB7D669B01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*",
"matchCriteriaId": "1971DEBD-F042-438D-B335-4D8BF3304EF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2225_macos:*:*:*:*:*:*:*",
"matchCriteriaId": "BA13D42B-7EF0-4D3E-94B4-6E0CDBB4DF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epic_games:unreal_tournament_2003:2225_win32:*:*:*:*:*:*:*",
"matchCriteriaId": "69B75B3F-99B7-497E-9E1E-C49520E971D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file."
}
],
"id": "CVE-2004-1958",
"lastModified": "2024-11-20T23:52:09.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/umod-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10196"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/umod-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15942"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}