header-logo
Suggest Exploit
vendor:
Unreal Tournament Server Engine
by:
Unknown
7.5
CVSS
HIGH
Format String
Unknown
CWE
Product Name: Unreal Tournament Server Engine
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Unreal Tournament Server Engine Format String Vulnerability

A format string vulnerability has been reported in the Unreal Tournament server engine. The vulnerability occurs due to a failure of the server application to properly sanitize user-supplied network data. This vulnerability could allow an attacker to execute arbitrary code on the system where the affected server software is implemented, potentially leading to a complete compromise of the system.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9840/info

A format string vulnerability has been reported to exists in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly sanitize user supplied network data.

Ultimately this vulnerability could allow for execution of arbitrary code on the system implementing the affected server software, which would occur in the security context of the server process.

Example:

From:
Class=Engine.Pawn

To:
Class=%n%nEngine.Pawn

If the game is vulnerable it will crash when launched.