Vulnerability Description
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Epicgames | Unreal Engine | 1 |
| Epicgames | Postal 2 | All versions |
| Epicgames | Raven Shield | All versions |
| Epicgames | Swat 4 | All versions |
| Epicgames | Unreal Tournament 2003 | All versions |
| Epicgames | Unreal Tournament 2004 | All versions |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/unrealcbof-adv.txtExploit
- http://aluigi.org/poc/unrealcbof.txtExploit
- http://osvdb.org/66039
- http://secunia.com/advisories/40466Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60142
- http://aluigi.altervista.org/adv/unrealcbof-adv.txtExploit
- http://aluigi.org/poc/unrealcbof.txtExploit
- http://osvdb.org/66039
- http://secunia.com/advisories/40466Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60142
FAQ
What is CVE-2010-2702?
CVE-2010-2702 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, R...
How severe is CVE-2010-2702?
CVE-2010-2702 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2702?
Check the references section above for vendor advisories and patch information. Affected products include: Epicgames Unreal Engine, Epicgames Postal 2, Epicgames Raven Shield, Epicgames Swat 4, Epicgames Unreal Tournament 2003.