Required CVE Record Information
Description
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
References 10 Total
- osvdb.org: 48291 vdb-entry
- securityfocus.com: 20080911 Clients format strings in the Unreal engine mailing-list
- securityfocus.com: 31141 vdb-entry
- archives.neohapsis.com: 20080911 Clients format strings in the Unreal engine mailing-list
- osvdb.org: 48290 vdb-entry
- secunia.com: 31854 third-party-advisory
- http://aluigi.altervista.org/adv/unrealcfs-adv.txt
- exchange.xforce.ibmcloud.com: unrealengine-dlmgr-format-string(45088) vdb-entry
- exchange.xforce.ibmcloud.com: unrealengine-pkg-format-string(45089) vdb-entry
- exchange.xforce.ibmcloud.com: unrealengine-welcome-format-string(45090) vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 10 Total
- osvdb.org: 48291 vdb-entryx_transferred
- securityfocus.com: 20080911 Clients format strings in the Unreal engine mailing-listx_transferred
- securityfocus.com: 31141 vdb-entryx_transferred
- archives.neohapsis.com: 20080911 Clients format strings in the Unreal engine mailing-listx_transferred
- osvdb.org: 48290 vdb-entryx_transferred
- secunia.com: 31854 third-party-advisoryx_transferred
- http://aluigi.altervista.org/adv/unrealcfs-adv.txt x_transferred
- exchange.xforce.ibmcloud.com: unrealengine-dlmgr-format-string(45088) vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: unrealengine-pkg-format-string(45089) vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: unrealengine-welcome-format-string(45090) vdb-entryx_transferred