PT-2007-6332 · Epic Games+1 · Unreal Engine+1

Published: 2007-10-06 · Updated: 2018-10-15 · CVE-2007-5249

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Unreal Engine versions prior to 2.8.2 (Special Forces)
Description: Multiple buffer overflows exist in the logging function of the Unreal Engine when Punkbuster is enabled. Remote attackers can exploit them to cause a denial of service, specifically a daemon crash, by sending a long packet to specific servers. The attack vectors include sending a long PB Y packet to the YPG server on UDP port 1716 or a long PB U packet to UCON on UDP port 1716.
Recommendations: For Unreal Engine versions prior to 2.8.2, consider disabling Punkbuster until a patch is available, to prevent exploitation of the buffer overflows in the logging function. Restrict access to the YPG server on UDP port 1716 and UCON on UDP port 1716 to minimize the risk of a denial of service attack.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2007-5249

Affected products

Punkbuster
Unreal Engine