Search
Find a vulnerability
Search criteria
4 vulnerabilities found for unreal_engine by epicgames
CVE-2010-2702 (GCVE-0-2010-2702)
Vulnerability from nvd – Published: 2010-07-12 17:00 – Updated: 2024-08-07 02:39
VLAI
Summary
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/66039 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/40466 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/unrealcbof-adv.txt | x_refsource_MISC |
| http://aluigi.org/poc/unrealcbof.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66039",
"refsource": "OSVDB",
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40466"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"name": "http://aluigi.org/poc/unrealcbof.txt",
"refsource": "MISC",
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2702",
"datePublished": "2010-07-12T17:00:00.000Z",
"dateReserved": "2010-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:39:37.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6441 (GCVE-0-2008-6441)
Vulnerability from nvd – Published: 2009-03-09 14:00 – Updated: 2024-08-07 11:27
VLAI
Summary
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/48291 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/496297/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/31141 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.osvdb.org/48290 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/31854 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/unrealcfs-adv.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31854"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6441",
"datePublished": "2009-03-09T14:00:00.000Z",
"dateReserved": "2009-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2702 (GCVE-0-2010-2702)
Vulnerability from cvelistv5 – Published: 2010-07-12 17:00 – Updated: 2024-08-07 02:39
VLAI
Summary
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/66039 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/40466 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/unrealcbof-adv.txt | x_refsource_MISC |
| http://aluigi.org/poc/unrealcbof.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66039",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66039",
"refsource": "OSVDB",
"url": "http://osvdb.org/66039"
},
{
"name": "40466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40466"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcbof-adv.txt"
},
{
"name": "http://aluigi.org/poc/unrealcbof.txt",
"refsource": "MISC",
"url": "http://aluigi.org/poc/unrealcbof.txt"
},
{
"name": "unrealengine-ugameengineupdate-bo(60142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2702",
"datePublished": "2010-07-12T17:00:00.000Z",
"dateReserved": "2010-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:39:37.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6441 (GCVE-0-2008-6441)
Vulnerability from cvelistv5 – Published: 2009-03-09 14:00 – Updated: 2024-08-07 11:27
VLAI
Summary
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/48291 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/496297/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/31141 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.osvdb.org/48290 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/31854 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/unrealcfs-adv.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31854"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6441",
"datePublished": "2009-03-09T14:00:00.000Z",
"dateReserved": "2009-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}