CVE-2010-2702
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
Un desbordamiento de búfer en la función UGameEngine::UpdateConnectingMessage en el motor de Unreal v1, v2 y v2.5, tal como se utiliza en múltiples juegos, incluyendo Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield y SWAT4, cuando las descargas están permitidas, permite ejecutar código arbitrario a atacantes remotos a través de un campo LEVEL demasiado largo en una respuesta WELCOME a una solicitud de descarga.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-07-12 CVE Reserved
- 2010-07-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/66039 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/60142 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://aluigi.altervista.org/adv/unrealcbof-adv.txt | 2024-08-07 | |
| http://aluigi.org/poc/unrealcbof.txt | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/40466 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 1 Search vendor "Epicgames" for product "Unreal Engine" and version "1" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Postal 2 Search vendor "Epicgames" for product "Postal 2" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 1 Search vendor "Epicgames" for product "Unreal Engine" and version "1" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Raven Shield Search vendor "Epicgames" for product "Raven Shield" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 1 Search vendor "Epicgames" for product "Unreal Engine" and version "1" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Swat 4 Search vendor "Epicgames" for product "Swat 4" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 1 Search vendor "Epicgames" for product "Unreal Engine" and version "1" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Unreal Tournament 2003 Search vendor "Epicgames" for product "Unreal Tournament 2003" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 1 Search vendor "Epicgames" for product "Unreal Engine" and version "1" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Unreal Tournament 2004 Search vendor "Epicgames" for product "Unreal Tournament 2004" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2 Search vendor "Epicgames" for product "Unreal Engine" and version "2" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Postal 2 Search vendor "Epicgames" for product "Postal 2" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2 Search vendor "Epicgames" for product "Unreal Engine" and version "2" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Raven Shield Search vendor "Epicgames" for product "Raven Shield" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2 Search vendor "Epicgames" for product "Unreal Engine" and version "2" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Swat 4 Search vendor "Epicgames" for product "Swat 4" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2 Search vendor "Epicgames" for product "Unreal Engine" and version "2" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Unreal Tournament 2003 Search vendor "Epicgames" for product "Unreal Tournament 2003" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2 Search vendor "Epicgames" for product "Unreal Engine" and version "2" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Unreal Tournament 2004 Search vendor "Epicgames" for product "Unreal Tournament 2004" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2.5 Search vendor "Epicgames" for product "Unreal Engine" and version "2.5" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Postal 2 Search vendor "Epicgames" for product "Postal 2" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2.5 Search vendor "Epicgames" for product "Unreal Engine" and version "2.5" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Raven Shield Search vendor "Epicgames" for product "Raven Shield" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2.5 Search vendor "Epicgames" for product "Unreal Engine" and version "2.5" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Swat 4 Search vendor "Epicgames" for product "Swat 4" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2.5 Search vendor "Epicgames" for product "Unreal Engine" and version "2.5" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Unreal Tournament 2003 Search vendor "Epicgames" for product "Unreal Tournament 2003" | * | - |
Affected
|
| Epicgames Search vendor "Epicgames" | Unreal Engine Search vendor "Epicgames" for product "Unreal Engine" | 2.5 Search vendor "Epicgames" for product "Unreal Engine" and version "2.5" | - |
Affected
| in | Epicgames Search vendor "Epicgames" | Unreal Tournament 2004 Search vendor "Epicgames" for product "Unreal Tournament 2004" | * | - |
Affected
|