Remote Denial-of-Service Vulnerability in Unreal Engine

vendor:

Unreal Tournament 2003

by:

Unknown

7.5

CVSS

HIGH

Remote Denial-of-Service

119

CWE

Product Name: Unreal Tournament 2003

Affected Version From: Unreal Tournament 2003 and 2004

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:unreal_engine:unreal_tournament_2003

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Remote Denial-of-Service Vulnerability in Unreal Engine

The Unreal Engine is prone to a remote denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input. Successfully exploiting this issue allows remote attackers to corrupt application memory in a manner that causes a crash. Remote code execution may be possible, but this has not been confirmed.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25374/info

The Unreal Engine is prone to a remote denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to corrupt application memory in a manner that causes a crash. Remote code execution may be possible, but this has not been confirmed.

Versions of Unreal Engine that are included in Unreal Tournament 2003 and 2004 are vulnerable. Given the reuse of the engine in multiple other products, other games and versions are also likely vulnerable.

This vulnerability also affects America's Army 2.8.2 when Punkbuster is enabled on the local server; other versions may also be vulnerable. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30513-1.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30513-2.zip