Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unreal_engine | Epic_games | 433 (including) | 433 (including) |
| Unreal_engine | Epic_games | 436 (including) | 436 (including) |
| Unreal_tournament | Epic_games | 451b (including) | 451b (including) |
| Unreal_tournament_2003 | Epic_games | 2199_macos (including) | 2199_macos (including) |
| Unreal_tournament_2003 | Epic_games | 2199_win32 (including) | 2199_win32 (including) |
| Unreal_tournament_2003 | Epic_games | 2225_macos (including) | 2225_macos (including) |
| Unreal_tournament_2003 | Epic_games | 2225_win32 (including) | 2225_win32 (including) |
References
- http://aluigi.altervista.org/adv/umod-adv.txt
- http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2
- http://www.securityfocus.com/bid/10196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15942
- http://aluigi.altervista.org/adv/umod-adv.txt
- http://marc.info/?l=bugtraq\u0026m=108267310519459\u0026w=2
- http://www.securityfocus.com/bid/10196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15942