PT-2007-5623 · Epic Games · Unreal Engine
Luigi Auriemma · Published 2007-08-21 · Updated 2018-10-15 · CVE-2007-4442
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Unreal Engine, possibly versions 2003 and 2004
Description
The issue is a stack-based buffer overflow in the logging function of the Unreal Engine, which is used by the internal web server. Remote attackers can cause a denial of service (an application crash) by requesting a long .gif filename in the images/ directory. The problem is associated with the conversion from Unicode to ASCII.
Recommendations
For Unreal Engine, possibly versions 2003 and 2004, consider disabling the logging function in the internal web server as a temporary workaround to reduce the risk of exploitation. Restrict access to the images/ directory to prevent requests for long .gif filenames.
Affected Products
Unreal Engine