Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6441

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-6441
Last Modified 20 Aug 2009 01:25:16
Published 09 Mar 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6441

Summary

Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

Vulnerable Systems

Application

  • Epicgames Unreal Engine 2

  • Epicgames Unreal Engine 2.5

  • Epicgames Unreal Engine 3


References

XF - unrealengine-welcome-format-string(45090)

XF - unrealengine-pkg-format-string(45089)

XF - unrealengine-dlmgr-format-string(45088)

BID - 31141

BUGTRAQ - 20080911 Clients format strings in the Unreal engine

OSVDB - 48291

OSVDB - 48290

SECUNIA - 31854

MISC - http://aluigi.altervista.org/adv/unrealcfs-adv.txt


Last Updated: 27 May 2016 10:49:12