Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unreal_engine | Epicgames | 2 (including) | 2 (including) |
| Unreal_engine | Epicgames | 2.5 (including) | 2.5 (including) |
| Unreal_engine | Epicgames | 3 (including) | 3 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://aluigi.altervista.org/adv/unrealcfs-adv.txt
- http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html
- http://secunia.com/advisories/31854
- http://www.osvdb.org/48290
- http://www.osvdb.org/48291
- http://www.securityfocus.com/archive/1/496297/100/0/threaded
- http://www.securityfocus.com/bid/31141
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45090
- http://aluigi.altervista.org/adv/unrealcfs-adv.txt
- http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html
- http://secunia.com/advisories/31854
- http://www.osvdb.org/48290
- http://www.osvdb.org/48291
- http://www.securityfocus.com/archive/1/496297/100/0/threaded
- http://www.securityfocus.com/bid/31141
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45090