CVE-2010-2702

Name of the Vulnerable Software and Affected Versions Unreal engine versions 1, 2, and 2.5

Description The issue is related to a buffer overflow in the UGameEngine::UpdateConnectingMessage function when downloads are enabled. This allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request. The affected games include Unreal Tournament 2004, Unreal Tournament 2003, Postal 2, Raven Shield, and SWAT4.

Recommendations For Unreal engine versions 1, 2, and 2.5, consider disabling the download feature to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the UGameEngine::UpdateConnectingMessage function to minimize the risk of exploitation. Avoid using the LEVEL field in the WELCOME response to a download request until the issue is resolved.