CVE-2010-2702

Опубликовано: 12 июл. 2010

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.

Ссылки

http://aluigi.altervista.org/adv/unrealcbof-adv.txt
Exploit
http://aluigi.org/poc/unrealcbof.txt
Exploit
http://osvdb.org/66039
http://secunia.com/advisories/40466
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60142
http://aluigi.altervista.org/adv/unrealcbof-adv.txt
Exploit
http://aluigi.org/poc/unrealcbof.txt
Exploit
http://osvdb.org/66039
http://secunia.com/advisories/40466
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60142

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:epicgames:unreal_engine:1:*:*:*:*:*:*:*

cpe:2.3:a:epicgames:unreal_engine:2:*:*:*:*:*:*:*

cpe:2.3:a:epicgames:unreal_engine:2.5:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:epicgames:postal_2:*:*:*:*:*:*:*:*

cpe:2.3:a:epicgames:raven_shield:*:*:*:*:*:*:*:*

cpe:2.3:a:epicgames:swat_4:*:*:*:*:*:*:*:*

cpe:2.3:a:epicgames:unreal_tournament_2003:*:*:*:*:*:*:*:*

cpe:2.3:a:epicgames:unreal_tournament_2004:*:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05344

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-rgx2-hj64-5vc5

github

больше 3 лет назад