VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2702
postal_2, raven_shield, swat_4, unreal_engine, unreal_tournament_2003, unreal_tou...: Buffer overflow in the UGameEngine::UpdateConnectin...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2702

Original

Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal Tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-07-12
Source Information Category: Advisory, Alert
Last Updated: 2010-07-13




Affected Product Tags
cpe:/a:epicgames:postal_2
cpe:/a:epicgames:raven_shield
cpe:/a:epicgames:swat_4
cpe:/a:epicgames:unreal_engine:1
cpe:/a:epicgames:unreal_engine:2
cpe:/a:epicgames:unreal_engine:2.5
cpe:/a:epicgames:unreal_tournament_2003
cpe:/a:epicgames:unreal_tournament_2004
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
Partial
X Complete

[Integrity Impact]
Undefined
None
Partial
X Complete

[Availability Impact]
Undefined
None
Partial
X Complete

Alternatives




References
MISC http://aluigi.org/poc/unrealcbof.txt
MISC http://aluigi.altervista.org/adv/unrealcbof-adv.txt
OSVDB 66039
SECUNIA 40466
Vulnerability Type Buffer Errors (CWE-119)
XF unrealengine-ugameengineupdate-bo(60142)





Copyright © 2010 JPCERT/CC All Rights Reserved.