Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1432

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1432
Last Modified 05 Sep 2008 04:36:55
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1432

Summary

Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

Vulnerable Systems

Application

  • Epic Games Unreal Engine 226f

  • Epic Games Unreal Engine 433

  • Epic Games Unreal Engine 436

  • Epic Games Unreal Tournament 2003 2199 Linux

  • Epic Games Unreal Tournament 2003 2199 Win32

  • Epic Games Unreal Tournament 2003 Demo Version 2206 Linux

  • Epic Games Unreal Tournament 2003 Demo Version 2206 Win32


References

XF - ut-negative-udp-dos(12012)

XF - ut-negative-memory-corruption(11305)

XF - ut-packet-dos(11302)

BID - 6772

BID - 6770

BUGTRAQ - 20030513 UT2003 client passive DoS exploit

BUGTRAQ - 20030211 Re: Epic Games threatens to sue security researchers

BUGTRAQ - 20030205 Unreal engine: results of my research


Last Updated: 27 May 2016 10:38:22