CVE-2010-2702

Sažetak

Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.

Reference

http://aluigi.altervista.org/adv/unrealcbof-adv.txt
http://aluigi.org/poc/unrealcbof.txt
http://osvdb.org/66039
http://secunia.com/advisories/40466
https://exchange.xforce.ibmcloud.com/vulnerabilities/60142

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

12-07-2010 - 17:30