Vulnerability Description
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Epicgames | Unreal Engine | 2 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/unrealcfs-adv.txtExploit
- http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.htmlExploit
- http://secunia.com/advisories/31854Vendor Advisory
- http://www.osvdb.org/48290
- http://www.osvdb.org/48291
- http://www.securityfocus.com/archive/1/496297/100/0/threaded
- http://www.securityfocus.com/bid/31141Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45090
- http://aluigi.altervista.org/adv/unrealcfs-adv.txtExploit
- http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.htmlExploit
- http://secunia.com/advisories/31854Vendor Advisory
- http://www.osvdb.org/48290
- http://www.osvdb.org/48291
FAQ
What is CVE-2008-6441?
CVE-2008-6441 is a vulnerability with a CVSS score of 9.3 (HIGH). Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a mal...
How severe is CVE-2008-6441?
CVE-2008-6441 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6441?
Check the references section above for vendor advisories and patch information. Affected products include: Epicgames Unreal Engine.